Comments on: Five-Minutes to a More Secure SSH http://blog.unixlore.net/2006/04/five-minutes-to-more-secure-ssh.html Geek tech-tips, news and commentary Thu, 04 Dec 2008 19:56:02 +0000 http://wordpress.org/?v=2.2.2 By: Anonymous http://blog.unixlore.net/2006/04/five-minutes-to-more-secure-ssh.html#comment-133 Anonymous Mon, 20 Aug 2007 13:09:00 +0000 http://blog.unixlore.net/2006/04/five-minutes-to-more-secure-ssh.html#comment-133 I've taken to never opening SSH on the firewall. Users that need remote access bring me their laptop and I install OpenVPN. To initiate a brute force attack on SSH an attacker would first have to compromise OpenVPN. I’ve taken to never opening SSH on the firewall. Users that need remote access bring me their laptop and I install OpenVPN. To initiate a brute force attack on SSH an attacker would first have to compromise OpenVPN.

]]> By: Anonymous http://blog.unixlore.net/2006/04/five-minutes-to-more-secure-ssh.html#comment-124 Anonymous Mon, 19 Mar 2007 01:48:00 +0000 http://blog.unixlore.net/2006/04/five-minutes-to-more-secure-ssh.html#comment-124 Just installed DenyHosts on Fedora 6. It installed perfectly through yum, and after a few minutes tweaking the configuration options I feel much better about the security of my system. Definitely recommend this program! Just installed DenyHosts on Fedora 6. It installed perfectly through yum, and after a few minutes tweaking the configuration options I feel much better about the security of my system. Definitely recommend this program!

]]> By: Doug http://blog.unixlore.net/2006/04/five-minutes-to-more-secure-ssh.html#comment-114 Doug Wed, 10 Jan 2007 14:45:00 +0000 http://blog.unixlore.net/2006/04/five-minutes-to-more-secure-ssh.html#comment-114 Yes, you can use the from="" in your authorized_keys file to restrict where clients can log in from. Read sshd (8) and look for "AUTHORIZED_KEYS FILE FORMAT". Yes, you can use the from=”" in your authorized_keys file to restrict where clients can log in from. Read sshd (8) and look for “AUTHORIZED_KEYS FILE FORMAT”.

]]> By: Anonymous http://blog.unixlore.net/2006/04/five-minutes-to-more-secure-ssh.html#comment-113 Anonymous Wed, 10 Jan 2007 12:34:00 +0000 http://blog.unixlore.net/2006/04/five-minutes-to-more-secure-ssh.html#comment-113 Good article and discussion. Just out of interest does anybody know how to allow allow; userA to login from HostA only userB to login from HostB only userC to login from anywhere Something that has got me a little stumped and I need. Suggestions would be helpful. Thanks Ben Good article and discussion. Just out of interest does anybody know how to allow allow;

userA to login from HostA only
userB to login from HostB only
userC to login from anywhere

Something that has got me a little stumped and I need.

Suggestions would be helpful.

Thanks
Ben

]]> By: Doug http://blog.unixlore.net/2006/04/five-minutes-to-more-secure-ssh.html#comment-112 Doug Tue, 09 Jan 2007 17:19:00 +0000 http://blog.unixlore.net/2006/04/five-minutes-to-more-secure-ssh.html#comment-112 I'm not sure I understand what your issue is - where was SSH disabled, on the client, or server? Do you mean the desktop installed a firewall that blocks inbound SSH? I’m not sure I understand what your issue is - where was SSH disabled, on the client, or server? Do you mean the desktop installed a firewall that blocks inbound SSH?

]]> By: wils http://blog.unixlore.net/2006/04/five-minutes-to-more-secure-ssh.html#comment-111 wils Mon, 08 Jan 2007 11:41:00 +0000 http://blog.unixlore.net/2006/04/five-minutes-to-more-secure-ssh.html#comment-111 In our office, on a testing machine i was using ssh. However, while installing a 'icewm'(desktop), it is asked for a msg 'disable ssh', by mistake i did 'Yes'(thinking temporary). But now its disabled. when me and others try to login using ssh from client side, its just prompting Login, when we enter the user name and enter for password option, this window get disappered. please advise how do i solve this issue. help needed. thanks wilson In our office, on a testing machine i was using ssh. However, while installing a ‘icewm’(desktop), it is asked for a msg ‘disable ssh’, by mistake i did ‘Yes’(thinking temporary). But now its disabled.

when me and others try to login using ssh from client side, its just prompting Login, when we enter the user name and enter for password option, this window get disappered.

please advise how do i solve this issue. help needed.

thanks
wilson

]]> By: Anonymous http://blog.unixlore.net/2006/04/five-minutes-to-more-secure-ssh.html#comment-107 Anonymous Sun, 29 Oct 2006 16:05:00 +0000 http://blog.unixlore.net/2006/04/five-minutes-to-more-secure-ssh.html#comment-107 i have also found this article today on the web that is interesting:<br/><br/>http://www.xthought.org/blog/2006/secure-ssh i have also found this article today on the web that is interesting:

http://www.xthought.org/blog/2006/secure-ssh

]]> By: Doug http://blog.unixlore.net/2006/04/five-minutes-to-more-secure-ssh.html#comment-102 Doug Wed, 04 Oct 2006 14:15:00 +0000 http://blog.unixlore.net/2006/04/five-minutes-to-more-secure-ssh.html#comment-102 Sure, you don't need to use the command I posted. Take the public key (id_dsa.pub) from the box you are connecting from, and append it to the authorized_keys file on the box you are connecting to (VPS, I'm assuming? So that would be /root/.ssh/authorized_keys). Just open the authorzed_keys file in a text editor and paste the contents of the public key file at the end of it (you don't want to overwrite previous keys in that file, but if this is the only key, it doesn't matter). Sure, you don’t need to use the command I posted. Take the public key (id_dsa.pub) from the box you are connecting from, and append it to the authorized_keys file on the box you are connecting to (VPS, I’m assuming? So that would be /root/.ssh/authorized_keys). Just open the authorzed_keys file in a text editor and paste the contents of the public key file at the end of it (you don’t want to overwrite previous keys in that file, but if this is the only key, it doesn’t matter).

]]> By: VPS http://blog.unixlore.net/2006/04/five-minutes-to-more-secure-ssh.html#comment-101 VPS Mon, 02 Oct 2006 12:46:00 +0000 http://blog.unixlore.net/2006/04/five-minutes-to-more-secure-ssh.html#comment-101 am sorry Doug, but this sounds rather like Chinese for me.. <br/><br/>can you be a bit clearer please? am sorry Doug, but this sounds rather like Chinese for me..

can you be a bit clearer please?

]]> By: Doug http://blog.unixlore.net/2006/04/five-minutes-to-more-secure-ssh.html#comment-99 Doug Fri, 29 Sep 2006 17:05:00 +0000 http://blog.unixlore.net/2006/04/five-minutes-to-more-secure-ssh.html#comment-99 You don't need to redo your keys.<br/> <br/>If you are connecting from root@vps -> root@vps itself then you don't need to type "cat ~/.ssh/id_dsa.pub | ssh root@vps "cat >> .ssh/authorized_keys"". Just edit the authorized_keys file on vps and copy/paste the originating host's public key to the end. <br/><br/>The command I gave was a shortcut to transfer a public key from a remote host, not the same one. You don’t need to redo your keys.

If you are connecting from root@vps -> root@vps itself then you don’t need to type “cat ~/.ssh/id_dsa.pub | ssh root@vps “cat >> .ssh/authorized_keys”". Just edit the authorized_keys file on vps and copy/paste the originating host’s public key to the end.

The command I gave was a shortcut to transfer a public key from a remote host, not the same one.

]]>