-
August 10th, 2007, 08:06 AM
#1
locking down ssh
I haven't skipped through the man page, but in the meantime, is there a way to make ssh only accept one RSA key and deny all others?
...:::Pure Kn0wledge:::...
-
August 10th, 2007, 02:34 PM
#2
What exactly are you trying to achieve?
I can probably help.
Steve
IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com
-
August 10th, 2007, 03:03 PM
#3
Here's a link that might help you.
http://www.urbanpuddle.com/articles/...cking-down-ssh
It does not have locking down your SSH by using RSA keys, but it comes close I think.
A few other things you can do that I think are helpful are the following:
1. Change the SSH Port
2. Disallow root login..make 1 user a wheel user, so only that user can do a SU to root.
3. Install a BFD detection program...I use a program on my linux boxes called BFD, and APF.
BFD checks for brute force attempts, logs them, then after the set # of attempts has been reached, it passes it on to the APF program, which then creates an IPTable rule and bans the IP from the server.
Pretty good stuff actually.
-
August 10th, 2007, 05:08 PM
#4
Cheyenne, love the idea, will put it into use. And Steve, as far as what I'm trying to achieve, I wanted to be able to ssh into my linux box from the web since work gets so boring, but I didn't want to have it open for the world. So if I could restrict it to refuse logins to every machine but or a certain security key (like the xx:xx:xx:xx:xx number it asks you to accept, I believe, the first time you ssh to it).
...:::Pure Kn0wledge:::...
-
August 10th, 2007, 06:53 PM
#5
OK
On the home machine add to /etc/ssh/ssh_config:
Protocol 2
PasswordAuthentication no
ChallengeResponseAuthentication no
AllowUsers yourusernamehere
This limits logins only to your username and prevents password authentication.
On your work machine run ssh-keygen -t dsa
From your work machine copy ~/.ssh/id_dsa.pub to your home machine /home/yourusernamehere/authorized_keys
Make sure that after the copy it is chmod 600
From work issue ssh yourusernamehere@your.home.machine and you should connect.
Connections will then be limited to only the work machine.
If you want to make it more secure I think you can add passphrases when you ssh-keygen - man ssh-keygen for help.
Steve
IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com
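An added example, not written by anyone in the thread: a shell check that reads a server config and confirms the settings listed in post #5 are actually in effect. It assumes the directives sit in the file sshd itself reads (typically /etc/ssh/sshd_config); the function names and the sample config are made up for the illustration.

```shell
#!/bin/sh
# Added example: audit an sshd config for the settings from post #5.
# Assumption/limitation: Match blocks and Include files are not followed.

# Print the effective value of a keyword. sshd keywords are case-insensitive,
# the first occurrence in the file wins, and commented-out lines do not count.
effective_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) {
            $1 = ""; sub(/^[ \t]+/, ""); print; exit
        }' "$1"
}

# Return 0 only if password-style logins are off and AllowUsers is exactly $2.
audit_sshd_config() {
    cfg=$1; user=$2; rc=0
    for key in PasswordAuthentication ChallengeResponseAuthentication; do
        val=$(effective_value "$cfg" "$key")
        # An unset keyword falls back to sshd's default, so count it as a failure.
        if [ "$(printf '%s' "$val" | tr 'A-Z' 'a-z')" != "no" ]; then
            echo "FAIL $key is '${val:-unset}', expected 'no'"; rc=1
        fi
    done
    val=$(effective_value "$cfg" AllowUsers)
    if [ "$val" != "$user" ]; then
        echo "FAIL AllowUsers is '${val:-unset}', expected '$user'"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK $cfg"; fi
    return "$rc"
}

# Constructed sample: the commented-out PasswordAuthentication line is not in
# effect, and the first AllowUsers line wins over the later one.
sample_config() {
    cat <<'EOF'
Protocol 2
#PasswordAuthentication no
challengeresponseauthentication no
AllowUsers yourusernamehere
AllowUsers root
EOF
}

# Usage: sh audit.sh /path/to/sshd_config yourusernamehere
if [ "$#" -eq 2 ]; then audit_sshd_config "$1" "$2"; fi
```

Where the sshd binary is available, `sshd -T` prints the configuration the daemon would actually run with and is the authoritative check.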