Re: security on linux
- From: Randy Yates <yates@xxxxxxxx>
- Date: Sun, 13 May 2007 23:42:46 -0400
Jim Garrison <jhg@xxxxxxxxxxxxxxx> writes:
General Schvantzkoph wrote:
On Sun, 13 May 2007 18:03:36 -0400, Randy Yates wrote:
StrictModes yes
RSAAuthentication yes
PermitEmptyPasswords no
PasswordAuthentication no
2. If I do this, then doesn't that mean that HDST must contain the public
key of every HSRC host I want to log in from in the account's
~/.ssh/authorized_keys? So that means that I can't log in from an
arbitrary host? It is a requirement for me that I be able to log in
from an arbitrary host.
It does mean that you can't log in from an arbitrary host unless you carry
the private key on a FLASH key; that's what I do. I also have a key on my
Treo so I can ssh in from there also.
Be careful. This is the right way to set up SSH security, but
if you don't have local console access (i.e. the server is at a hosting
site halfway across the country) you have to do things in exactly the
right sequence to avoid locking yourself out.
1) Generate keypair on client system
2) Upload public key to ~/.ssh/authorized_keys on the server
3) TEST connection with command-line -i option
4) Change the sshd config and restart the sshd daemon
If you're doing all this from a remote system, as a last safety net,
don't log out from the SSH session in which you deploy the sshd
config. After you restart the sshd daemon (this won't kill the
existing session), open a second connection and re-verify that you
can connect using your private key. If that fails for some reason
you still have the first session to revert the SSH config and
troubleshoot.
I get what you mean, but this wasn't the scenario I had in mind. I'm
ssh'ing into my home machine from clients' sites.
--
% Randy Yates % "I met someone who looks alot like you,
%% Fuquay-Varina, NC % she does the things you do,
%%% 919-577-9882 % but she is an IBM."
%%%% <yates@xxxxxxxx> % 'Yours Truly, 2095', *Time*, ELO
http://home.earthlink.net/~yatescr
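
The lock-out risk in the four-step sequence quoted above can be checked before step 4. This is an added example, not part of the original thread: a POSIX shell pre-flight that reads a candidate sshd_config and an authorized_keys file and reports whether key-only login would still work. The function names are hypothetical, PubkeyAuthentication is the protocol 2 directive, and only whitespace-separated `Keyword value` lines in the global section (before any Match block) are considered.

```shell
#!/bin/sh
# Added example: pre-flight check to run before step 4 (editing sshd_config).
# It only reads the two files named on the command line.

# Effective global value of a directive. sshd uses the first occurrence,
# keyword names are case-insensitive, and Match blocks are conditional.
sshd_value() {  # usage: sshd_value <sshd_config> <Directive>
    awk -v want="$2" '
        $1 ~ /^#/              { next }   # comment line
        tolower($1) == "match" { exit }   # global section ends here
        tolower($1) == tolower(want) { print $2; exit }
    ' "$1"
}

# Number of lines in authorized_keys that carry a key type plus a key blob.
count_keys() {  # usage: count_keys <authorized_keys>
    [ -r "$1" ] || { echo 0; return; }
    awk '
        NF == 0 || $1 ~ /^#/ { next }
        { for (i = 1; i < NF; i++)   # options may precede the key type
              if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-)/) { n++; break } }
        END { print n + 0 }
    ' "$1"
}

# Return 0 only if the candidate config still leaves this account a way in.
preflight() {  # usage: preflight <candidate sshd_config> <authorized_keys>
    cfg=$1; keys=$2
    if [ "$(sshd_value "$cfg" PasswordAuthentication)" != no ]; then
        echo "OK: passwords still accepted"; return 0
    fi
    if [ "$(sshd_value "$cfg" PubkeyAuthentication)" = no ]; then
        echo "LOCKOUT: passwords and public keys both disabled"; return 1
    fi
    if [ "$(count_keys "$keys")" -eq 0 ]; then
        echo "LOCKOUT: no usable key in $keys"; return 1
    fi
    # StrictModes (default yes) refuses a group- or world-writable key file;
    # sshd also checks the home and ~/.ssh directories, which this does not.
    if [ "$(sshd_value "$cfg" StrictModes)" != no ] &&
       [ -n "$(find "$keys" \( -perm -020 -o -perm -002 \))" ]; then
        echo "LOCKOUT: StrictModes will reject writable $keys"; return 1
    fi
    echo "OK: key-only login should work; confirm from a second session"
}

if [ $# -eq 2 ]; then preflight "$1" "$2"; fi
```

A passing result does not replace the second-session test described in the thread; it only catches the configuration mistakes that can be seen on disk.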