locking down ssh

I haven't skipped through the man page, but in the meantime, is there a way to make ssh only accept one RSA key and deny all others?

What exactly are you trying to achieve?

I can probably help.

Steve

Heres a link that might help you.

http://www.urbanpuddle.com/articles/...cking-down-ssh

It does not have locking down your SSH by using RSA keys, but it comes close I think.

A few other things you can do, I think our helpfull is the following:

1. Change the SSH Port
2. Disallow root login..make 1 user a wheel user, so only that user can do a SU to root.
3. Install a BFD detection program...I use a program on my linux boxes called BFD, and APF.

BFD checks for brute force attempts, logs them, then after the set # of attempts have been reached, it passes it on to the APF program which then creates a IPTable rule, and bans the IP from the server.

Pretty good stuff actually.

Cheyenne love the idea :) will put it in to use. and Steve as far as what i'm trying to achieve, i wanted to be able to ssh into my linux box from the web since work gets so boring, but I didn't want to have it open for the world. So if I could restrict it to refuse logins to every machine but or a certain security key (like the xx:xx:xx:xx:xx number it asks you to accept I believe the first time you ssh to it).

OK

On the home machine add to /etc/ssh/ssh_config:
Protocol 2
PasswordAuthentication no
ChallengeResponseAuthentication no
AllowUsers yourusernamehere

This limits logins only to your username and prevents password authentication.

On you work machine run ssh-keygen -t dsa
From your work machine copy ~/.ssh/id_dsa.pub to your home machine /home/yourusernamehere/athorized_keys

Make sure that after the copy it is chmod 600

From work issue ssh yourusernamehere@your.home.machine and you should connect.

Connections will be then limited to only the work machine.

If you want to make it more secure I think you can add passphrases when you ssh-keygen - man ssh-keygen for help.

Steve