Bob La Quey wrote: > On Sat, Aug 23, 2008 at 10:36 PM, Carl Lowenstein > <[EMAIL PROTECTED]> wrote: >> On Sat, Aug 23, 2008 at 10:33 PM, Joshua Penix <[EMAIL PROTECTED]> wrote: >>> On Aug 23, 2008, at 5:40 PM, Andrew Lentvorski wrote: >>> >>>> Now, if I could only find a way to block any host that attempts a try and >>>> fails. >>> Install DenyHosts and set its tolerance to one. The instant a failure shows >>> up in the log, it will stuff the offending IP into hosts.deny (or insert a >>> firewall rule if you choose). >>> >> Just be careful you don't fumble-finger your own password and lock yourself >> out. >> >> carl >> -- > > This is precisely my problem. I could never live with a system that > would lock me outon a single attempt at login. > > This might be OK for Andrew though since he is using keys. Maybe I > should figure out how to do that.
There's nothing much difficult to it, but there is often confusion because there are lots of options and the command syntax is never intuitive, of course. In my way of looking at it, there are 3 phases of getting it to work conveniently. 1. Client key generation & installation of client's pubkey at the server 2. Client command syntax and optional shortcuts.. eg, ~/.ssh/config 3. Optional conveniences (and risk) .. eg, ssh-agent There are many resources containing variations of common recipes, eg: http://www.kernel-panic.org/wiki/SSH/?searchterm=ssh If you have tried and are having problems, how far did you get, and what seems to be the problem? Regards, ..jim -- KPLUG-List@kernel-panic.org http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
