I haven't skipped through the man page, but in the meantime, is there a way to make ssh only accept one RSA key and deny all others?
What exactly are you trying to achieve?
I can probably help.
Steve
Here's a link that might help you.
http://www.urbanpuddle.com/articles/...cking-down-ssh
It does not have locking down your SSH by using RSA keys, but it comes close I think.
A few other things you can do that I think are helpful are the following:
1. Change the SSH Port
2. Disallow root login..make 1 user a wheel user, so only that user can do a SU to root.
3. Install a BFD detection program...I use a program on my linux boxes called BFD, and APF.
BFD checks for brute force attempts, logs them, then after the set # of attempts has been reached, it passes it on to the APF program, which then creates an IPTable rule and bans the IP from the server.
Pretty good stuff actually.
Cheyenne, love the idea :) Will put it in to use. And Steve, as far as what I'm trying to achieve, I wanted to be able to ssh into my linux box from the web since work gets so boring, but I didn't want to have it open for the world. So if I could restrict it to refuse logins to every machine but or a certain security key (like the xx:xx:xx:xx:xx number it asks you to accept I believe the first time you ssh to it).
OK
On the home machine add to /etc/ssh/ssh_config:
Protocol 2
PasswordAuthentication no
ChallengeResponseAuthentication no
AllowUsers yourusernamehere
This limits logins only to your username and prevents password authentication.
On your work machine run ssh-keygen -t dsa
From your work machine copy ~/.ssh/id_dsa.pub to your home machine /home/yourusernamehere/authorized_keys
Make sure that after the copy it is chmod 600
From work issue ssh yourusernamehere@your.home.machine and you should connect.
Connections will be then limited to only the work machine.
If you want to make it more secure I think you can add passphrases when you ssh-keygen - man ssh-keygen for help.
Steve
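An added example, not part of the thread: a shell audit of the settings listed in the post above, plus the "one key only" goal from the original question. It assumes the directives sit in the server-side sshd_config (AllowUsers is an sshd keyword) and that the key file is passed by path; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the server settings and key file described above.

# Effective value of an sshd keyword: keywords are case-insensitive and
# the first occurrence in the file is the one sshd uses.
sshd_value() {  # usage: sshd_value <config> <keyword>
    awk -v want="$2" '
        /^[ \t]*(#|$)/ { next }
        tolower($1) == tolower(want) { $1 = ""; sub(/^ +/, ""); print; exit }
    ' "$1"
}

# Number of key entries (lines that are neither blank nor comments).
key_count() {  # usage: key_count <authorized_keys>
    grep -Ev '^[[:space:]]*(#|$)' "$1" | wc -l | tr -d ' '
}

# Print one line per failed check; return 0 only if all pass.
audit_ssh() {  # usage: audit_ssh <config> <authorized_keys> <user>
    rc=0
    for kw in PasswordAuthentication ChallengeResponseAuthentication; do
        v=$(sshd_value "$1" "$kw")
        [ "$v" = no ] || { echo "FAIL: $kw is '${v:-unset}', want no"; rc=1; }
    done
    v=$(sshd_value "$1" AllowUsers)
    [ "$v" = "$3" ] || { echo "FAIL: AllowUsers is '${v:-unset}', want $3"; rc=1; }
    n=$(key_count "$2")
    [ "$n" -eq 1 ] || { echo "FAIL: $n keys in $2, want exactly 1"; rc=1; }
    find "$2" -prune -perm 600 | grep -q . || { echo "FAIL: $2 not mode 600"; rc=1; }
    return $rc
}

# Constructed sample input (key blobs are placeholders, not real keys).
demo_dir=$(mktemp -d)
printf '%s\n' 'PasswordAuthentication yes' 'passwordauthentication no' \
    'AllowUsers yourusernamehere' > "$demo_dir/weak_config"
printf '%s\n' 'Protocol 2' 'PasswordAuthentication no' \
    'ChallengeResponseAuthentication no' \
    'AllowUsers yourusernamehere' > "$demo_dir/good_config"
printf '%s\n' '# work machine' 'ssh-dss AAAA...constructed me@work' \
    > "$demo_dir/good_keys"
printf '%s\n' 'ssh-dss AAAA...constructed me@work' \
    'ssh-rsa AAAA...constructed other@host' > "$demo_dir/weak_keys"
chmod 600 "$demo_dir/good_keys"; chmod 644 "$demo_dir/weak_keys"

audit_ssh "$demo_dir/weak_config" "$demo_dir/weak_keys" yourusernamehere \
    || echo "weak pair: needs fixing"
audit_ssh "$demo_dir/good_config" "$demo_dir/good_keys" yourusernamehere \
    && echo "good pair: OK"
```

The weak config shows why the first-match rule matters: the later `passwordauthentication no` line has no effect because `PasswordAuthentication yes` appears above it.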