On Tue, 27 Mar 2012 21:19:53 +0200 [email protected] (Michał Masłowski) wrote:
> > This guide [1] recommends to change ListenAddress to 192.168.0.1 and > > Port to 666. (I want to use another port (and another address). Does > > it matter? 666 is used by Doom. [2]) > > It's ok if you don't use Doom or other services on port 666 and your > firewall/ISP doesn't prevent you from connecting to it. For correctly > configured sshd, changing port should just lower the amount of login > attempts by bots, it's practically impossible for them to succeed when > only public key authentication is enabled (and they don't know your > private key and you haven't used a bad random number generator to make > the key pair). I'd also suggest installing 'fail2ban'. Work out of the box with SSH, helps prevent dictionary attacks and can be configured to work with dozens of other services. > > How to use SSH with a non-standard port? Will it be something like > > this: ssh -i ~/.ssh/id_rsa <server's ip>:<new port number>? You used -i earlier as well. If you only have one key for your user, ssh will pick the correct one by default. No need to specify. > > Is there a need for a username@ prefix before the server's ip (I > > changed PermitRootLogin to no)? If you log in with the same username on both hosts, you can leave it. > I have this fragment in ~/.ssh/config: > > Host parabola > Port 1863 > HostName repo.parabolagnulinux.org > User repo > IdentityFile ~/.ssh/id_rsa > > If I don't specify the username@ prefix when connecting to parabola, > it will connect as user "repo" (by default the local user name is > used). Using .ssh/config is good advice, and I'd definitely suggest you try it out. I've got ~15 different Host entries, some of which contain wildcards (eg *.gnewsense.org). Helps if any defaults need setting, or if you want to use rsync over ssh. thanks, kk -- Karl Goetz, (Kamping_Kaiser / VK7FOSS) http://www.kgoetz.id.au No, I won't join your social networking group *** I've changed GPG key to 6C097260 ***
signature.asc
Description: PGP signature
_______________________________________________ gNewSense-users mailing list [email protected] https://lists.nongnu.org/mailman/listinfo/gnewsense-users
