
Thread: locking down ssh

  1. #1
    n00bius (Member)
    Join Date: Mar 2005
    Location: texas
    Posts: 86

    locking down ssh

    I haven't skipped through the man page, but in the meantime, is there a way to make ssh only accept one RSA key and deny all others?
    ...:::Pure Kn0wledge:::...

  2. #2
    steve.milner (rebmeM roineS enilnOitnA)
    Join Date: Jul 2003
    Posts: 1,021
    What exactly are you trying to achieve?

    I can probably help.

    Steve
    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com

  3. #3
    Senior Member
    Join Date: Feb 2003
    Location: Memphis, TN
    Posts: 3,747
    Here's a link that might help you.

    http://www.urbanpuddle.com/articles/...cking-down-ssh

    It does not cover locking down your SSH by using RSA keys, but it comes close, I think.

    A few other things you can do that I think are helpful are the following:

    1. Change the SSH port.
    2. Disallow root login. Make one user a wheel user, so only that user can su to root.
    3. Install a brute-force detection program. I use a program on my Linux boxes called BFD, and APF.

    BFD checks for brute force attempts, logs them, and then, after the set number of attempts has been reached, it passes it on to the APF program, which then creates an iptables rule and bans the IP from the server.

    Pretty good stuff actually.

  4. #4
    n00bius (Member)
    Join Date: Mar 2005
    Location: texas
    Posts: 86
    Cheyenne, love the idea, will put it into use. And Steve, as far as what I'm trying to achieve: I wanted to be able to ssh into my Linux box from the web since work gets so boring, but I didn't want to have it open for the world. So if I could restrict it to refuse logins to every machine but or a certain security key (like the xx:xx:xx:xx:xx number it asks you to accept, I believe, the first time you ssh to it).
    ...:::Pure Kn0wledge:::...

  5. #5
    steve.milner (rebmeM roineS enilnOitnA)
    Join Date: Jul 2003
    Posts: 1,021
    OK

    On the home machine add to /etc/ssh/ssh_config:
    Protocol 2
    PasswordAuthentication no
    ChallengeResponseAuthentication no
    AllowUsers yourusernamehere

    This limits logins only to your username and prevents password authentication.

    On your work machine run ssh-keygen -t dsa
    From your work machine copy ~/.ssh/id_dsa.pub to your home machine /home/yourusernamehere/authorized_keys

    Make sure that after the copy it is chmod 600.

    From work issue ssh yourusernamehere@your.home.machine and you should connect.

    Connections will then be limited to only the work machine.

    If you want to make it more secure I think you can add passphrases when you ssh-keygen - man ssh-keygen for help.

    Steve
    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com
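As an added example that is not part of the thread, a small audit of the server-side lockdown Steve describes: password and challenge-response authentication off, logins limited to exactly one user, exactly one key in authorized_keys, and that file at mode 600. The sshd_config fragment, the key lines and the file mode below are constructed sample input; the audit also flags a Match block, since directives inside one can override the global values.

```python
import stat

# Server-side settings the thread recommends, with the value each must have.
REQUIRED = {"passwordauthentication": "no", "challengeresponseauthentication": "no"}


def parse_sshd_config(text):
    """Return ({lowercase keyword: value}, has_match) for the global section.
    Parsing stops at the first Match block: its directives apply conditionally and
    can override the global values, so they are flagged for manual review instead."""
    settings, has_match = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)  # "Key value" or "Key=value"
        if parts[0].lower() == "match":
            has_match = True
            break
        settings[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return settings, has_match


def count_keys(text):
    """Count key entries in an authorized_keys file (blank lines and comments skipped)."""
    return sum(1 for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#"))


def audit(config_text, keys_text, keys_mode):
    """Return a list of findings; an empty list means the lockdown is in place.
    keys_mode is the st_mode of the authorized_keys file (os.stat(path).st_mode)."""
    findings = []
    cfg, has_match = parse_sshd_config(config_text)
    for key, want in REQUIRED.items():
        got = cfg.get(key, "<unset>")
        if got.lower() != want:
            findings.append(f"{key} should be {want}, found {got}")
    users = cfg.get("allowusers", "").split()
    if len(users) != 1:
        findings.append(f"AllowUsers should name exactly one user, found {users or '<unset>'}")
    if has_match:
        findings.append("Match block present: review its directives by hand")
    n = count_keys(keys_text)
    if n != 1:
        findings.append(f"authorized_keys should hold exactly one key, found {n}")
    if stat.S_IMODE(keys_mode) != 0o600:
        findings.append(f"authorized_keys mode should be 0600, found {oct(stat.S_IMODE(keys_mode))}")
    return findings


# Constructed sample input: password auth left on, two keys authorized, file mode 644.
SAMPLE_CONFIG = "PasswordAuthentication yes\nChallengeResponseAuthentication no\nAllowUsers alice\n"
SAMPLE_KEYS = "ssh-rsa AAAAB3NzaC1yc2EFAKEKEY1 work-laptop\nssh-rsa AAAAB3NzaC1yc2EFAKEKEY2 old-desktop\n"
```

Running audit(SAMPLE_CONFIG, SAMPLE_KEYS, 0o644) reports three findings; on a real host pass the file contents and os.stat(path).st_mode of the key file.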
