[gentoo-user] SSH + Keys
Good Morning Folks:

I have been doing some reading over the last day or two about an SSH bot attack that is occurring in some places. I will be the first to admit that I have been a bit lax with my ssh security (allowing root logins etc). This problem has inspired me to get things cleaned up, and flying right again.

I have already modified my ssh config to prevent root logins via ssh, so that hole is closed. In talking to a friend yesterday, he suggested using key based authentication to further protect my servers, which sounds like a great idea.

The problem is that I have no idea how to set it up. A Google search turned up the Gentoo pages on keychain, which does not sound exactly like what he was talking about (he mentioned a key carried on a JUMP drive (USB stick)).

I am using Gentoo (and Fedora (soon to be converted) servers) and PuTTY.

If someone can offer suggestions, or point me in the right direction, I would be most appreciative.

Timothy A. Holmes
IT Manager / Network Admin / Web Master / Computer Teacher
Medina Christian Academy
A Higher Standard...
Jeremiah 33:3
Jeremiah 29:11
Esther 4:14

-- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] SSH + Keys
On Mar 8, 2006, at 8:31 AM, Timothy A. Holmes wrote:
> Good Morning Folks:
>
> I have been doing some reading over the last day or two about an SSH bot attack that is occurring in some places. I will be the first to admit that I have been a bit lax with my ssh security (allowing root logins etc). This problem has inspired me to get things cleaned up, and flying right again.
>
> I have already modified my ssh config to prevent root logins via ssh, so that hole is closed. In talking to a friend yesterday, he suggested using key based authentication to further protect my servers, which sounds like a great idea.
>
> The problem is that I have no idea how to set it up. A Google search turned up the Gentoo pages on keychain, which does not sound exactly like what he was talking about (he mentioned a key carried on a JUMP drive (USB stick)).
>
> I am using Gentoo (and Fedora (soon to be converted) servers) and PuTTY.
>
> If someone can offer suggestions, or point me in the right direction, I would be most appreciative.

step one...on the box you'll be connecting FROM, run ssh-keygen -t rsa (or dsa). It will ask you the name of the file to save it to, take the default. Put a passphrase on it.

step two...that created id_dsa.pub (which is what you get if you pick dsa above) in your ~/.ssh directory. copy that id_dsa.pub up to a server you want to connect to

step three...since you've turned off root logins, you have a user on that box. copy that id_dsa.pub file into the ~/.ssh/authorized_keys file on the target system. note that if you have to create that directory yourself, you'll probably have to remove group-write permissions before this will work.

step four...verify that in the target server's sshd_config file, PubkeyAuthentication is set to yes

that should allow you to ssh targetservername...you'll be asked for a password, but that's to access the key on your LOCAL box. add a -vv and you'll see all kinds of cool stuff.

Note that I also move ssh from port 22 to some other port, and in my local box, in .ssh, create a file called config. In that I put:

    Host *
        User john
        port xxx

this says for all hosts i ssh to, use port 26, and username john at the far end. you can replace the * with individual host names (as resolved via dns or hosts file) to have different usernames on different boxes and different ports per host.

I've had NO ssh portscans on my boxes since I moved them off of port 22. for security's sake, i won't tell you where I moved them to :)
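Added example, not part of the original thread: a shell check of the server-side conditions that steps three and four above depend on (no group or other write bit on the home directory, ~/.ssh and authorized_keys, plus the two sshd_config settings the thread mentions). The function names and the paths passed in are assumptions; Match blocks and Include files are not evaluated.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# mode_ok PATH: succeed unless PATH is writable by group or others,
# which is what makes sshd (StrictModes) ignore authorized_keys.
mode_ok() {
    perms=$(ls -ld "$1" | cut -c1-10)
    case "$perms" in
        ?????w????|????????w?) return 1 ;;
    esac
    return 0
}

# audit_account HOME: check the home directory, ~/.ssh and authorized_keys.
audit_account() {
    home=$1; rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"; rc=1
        elif ! mode_ok "$p"; then
            echo "WRITABLE $p (group/other write bit set)"; rc=1
        fi
    done
    return $rc
}

# sshd_setting FILE KEY: first uncommented value of KEY (sshd uses the
# first value it reads; keywords are case-insensitive).
sshd_setting() {
    awk -v key="$2" 'tolower($1) == tolower(key) { print tolower($2); exit }' "$1"
}

# audit_sshd FILE: PubkeyAuthentication must be yes (the default when
# unset) and PermitRootLogin must be set to no explicitly.
audit_sshd() {
    rc=0
    v=$(sshd_setting "$1" PubkeyAuthentication)
    [ "${v:-yes}" = yes ] || { echo "PubkeyAuthentication is '$v'"; rc=1; }
    v=$(sshd_setting "$1" PermitRootLogin)
    [ "$v" = no ] || { echo "PermitRootLogin is '${v:-unset}', want no"; rc=1; }
    return $rc
}

# Check the current account and system config when run with "run" as argument.
if [ "${1:-}" = run ]; then
    audit_account "$HOME"; audit_sshd /etc/ssh/sshd_config
fi
```

On a live server, `sshd -T` run as root prints the effective configuration and is the authoritative source for these two settings.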
Re: [gentoo-user] SSH + Keys
John Jolet wrote:
> this says for all hosts i ssh to, use port 26, and username john at the
> [...]
> I've had NO ssh portscans on my boxes since I moved them off of port 22. for security's sake, i won't tell you where I moved them to :)

Missed something? :)

-- Naga
Re: [gentoo-user] SSH + Keys
On Mar 8, 2006, at 9:02 AM, Nagatoro wrote:
> John Jolet wrote:
>> this says for all hosts i ssh to, use port 26, and username john at the
>> [...]
>> I've had NO ssh portscans on my boxes since I moved them off of port 22. for security's sake, i won't tell you where I moved them to :)
>
> Missed something? :)

is that a question or statement? What do you mean?
Re: [gentoo-user] SSH + Keys
On Wednesday 08 March 2006 16:06, John Jolet wrote:
> is that a question or statement? What do you mean?

You said:

> I've had NO ssh portscans on my boxes since I moved them off of port 22. for security's sake, i won't tell you where I moved them to :)

but at the beginning of your message you said:

> this says for all hosts i ssh to, use port 26, and username john at the

so, you said that you use port 26 for ssh before saying that you won't tell what port you moved ssh to.
Re: [gentoo-user] SSH + Keys
On Wed, 8 Mar 2006, John Jolet wrote:
> I've had NO ssh portscans on my boxes since I moved them off of port 22. for security's sake, i won't tell you where I moved them to :)

I don't think moving ssh from port 22 will stop portscans but it will stop brute force attacks directly on port 22.

I prefer to just run denyhosts on my servers instead:

    # eix denyhosts
    * app-admin/denyhosts
         Available versions:  1.1.2 1.1.2-r1 2.1
         Installed:           2.1
         Homepage:            http://www.denyhosts.net
         Description:         DenyHosts is a utility to help sys admins thwart ssh hackers

    Found 1 matches
Re: [gentoo-user] SSH + Keys
On Mar 8, 2006, at 10:06 AM, Etaoin Shrdlu wrote:
> On Wednesday 08 March 2006 16:06, John Jolet wrote:
>> is that a question or statement? What do you mean?
>
> You said:
>
>> I've had NO ssh portscans on my boxes since I moved them off of port 22. for security's sake, i won't tell you where I moved them to :)
>
> but at the beginning of your message you said:
>
>> this says for all hosts i ssh to, use port 26, and username john at the
>
> so, you said that you use port 26 for ssh before saying that you won't tell what port you moved ssh to.

oops. well i guess i'll move it again :)
Re: [gentoo-user] SSH + Keys
On Mar 8, 2006, at 9:54 AM, A. Khattri wrote:
> On Wed, 8 Mar 2006, John Jolet wrote:
>> I've had NO ssh portscans on my boxes since I moved them off of port 22. for security's sake, i won't tell you where I moved them to :)
>
> I don't think moving ssh from port 22 will stop portscans but it will stop brute force attacks directly on port 22.

Perhaps I was unclear. I haven't seen the large numbers of attempted logins with obvious dictionary lists of usernames on ssh since I moved it. I'll have to look into denyhosts...what does it do? I can't predict where I might be coming from, as I'm frequently at client locations and travelling.

> I prefer to just run denyhosts on my servers instead:
>
>     # eix denyhosts
>     * app-admin/denyhosts
>          Available versions:  1.1.2 1.1.2-r1 2.1
>          Installed:           2.1
>          Homepage:            http://www.denyhosts.net
>          Description:         DenyHosts is a utility to help sys admins thwart ssh hackers
>
>     Found 1 matches
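Added example, not part of the original thread and not DenyHosts code: a shell function that finds the pattern described above (many failed ssh logins from one source, trying a list of usernames) in sshd syslog lines. The log lines are constructed, the addresses come from documentation ranges, and the function names and the "Failed password" message format are assumptions about the server's logging.

```shell
#!/bin/sh
# Added example (not from the thread, and not DenyHosts code).

# sample_log: constructed sshd syslog lines for the demo and test.
sample_log() {
    cat <<'EOF'
Mar  8 09:12:01 web1 sshd[4101]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Mar  8 09:12:03 web1 sshd[4103]: Failed password for invalid user test from 203.0.113.7 port 40120 ssh2
Mar  8 09:12:05 web1 sshd[4105]: Failed password for root from 203.0.113.7 port 40131 ssh2
Mar  8 09:12:06 web1 sshd[4107]: Failed password for invalid user from 192.0.2.99 from 203.0.113.7 port 40140 ssh2
Mar  8 09:30:44 web1 sshd[4188]: Failed password for john from 198.51.100.23 port 51522 ssh2
Mar  8 09:30:52 web1 sshd[4188]: Accepted publickey for john from 198.51.100.23 port 51522 ssh2
EOF
}

# failed_by_source FILE MIN: print "ip failures distinct_users" for every
# source with at least MIN failed password attempts ("-" reads stdin).
failed_by_source() {
    awk -v min="$2" '
        /sshd\[[0-9]+\]: Failed password for / {
            # The username is chosen by the client and may itself contain
            # " from <address>", so trust only the LAST "from" on the line.
            ip = ""
            for (i = 2; i < NF; i++)
                if ($i == "from") { ip = $(i + 1); user = $(i - 1) }
            if (ip == "") next
            count[ip]++
            if (!seen[ip, user]++) users[ip]++
        }
        END {
            for (ip in count)
                if (count[ip] >= min) print ip, count[ip], users[ip]
        }
    ' "$1" | sort
}

# Demo on the constructed lines when run with "demo" as argument.
if [ "${1:-}" = demo ]; then
    sample_log | failed_by_source - 3
fi
```

The fourth constructed line carries a username containing "from 192.0.2.99"; taking the last "from" keeps the count on the real source, so a log-driven blocker does not end up denying an address the client merely typed into the username field.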