On Friday 30 December 2005 00:02, Robert Kulagowski wrote:
> >>This of course won't happen behind a properly configured firewall,
> >> correct?
> >>
> >>Darren Hart wrote:
> >>>I'm sure nobody here is dumb enough to do this, but since I was,
> >>>thought I'd pass the word.
> >>>
> >>>There is an ssh attack going around with a brute force login using
> >>>2187 different username/password pairs, one such pair happens to be:
> >>>
> >>>mythtv:mythtv
>
> If you need to use ssh from outside your firewall, you could do what
> I've done; get rid of a password-based logon altogether and use public
> / private keys.
>
> Since I use putty at work, it's what I'm familiar with. In a Windows
> environment:
>
> 1) Download putty, puttygen and pageant from
> http://www.chiark.greenend.org.uk/~sgtatham/putty/
>
> 2) Run puttygen to generate a public / private keypair.
> 3) Take the public key portion (it's just text) and paste it into
> ~/.ssh/authorized_keys
> 4) Edit /etc/pam.d/ssh and look for the line:
> # Standard Un*x authentication.
> @include common-auth
>
> Put a "#" in front of @include common-auth so that it's:
> #@include common-auth
>
> This will restrict ssh from looking at /etc/passwd and /etc/shadow
> 5) Create a passphrase for the key that you just created. Take the
> private key that puttygen created for you and save it. You'll need it
> _every_ time you login from that point on, even internally. If you're
> using putty, you'll need to provide the filename in connection > ssh >
> auth when you're setting up your connection profile.
> 6) If you don't want to keep typing your passphrase every time, load the
> private key into pageant; you type it in once, and then if you use putty
> to login, pageant will supply the passphrase automatically.

I've been meaning to give this method a try since I ssh from my laptop to my two servers constantly. Hopefully your writeup will translate well to an all-Linux environment. Thanks!

--
Steve
_______________________________________________
mythtv-users mailing list
http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-users
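
A check that a server has reached the key-only state the quoted steps aim for, as an added example that is not part of either message. It reads the effective configuration printed by `sshd -T` rather than the PAM file edited in step 4; the function names and sample lines are constructed here, and the keywords checked are OpenSSH settings the thread itself does not mention.

```shell
#!/bin/sh
# Added example: audit `sshd -T` output (effective sshd configuration,
# printed as lowercase "keyword value" lines) for password-style logins.
# On a live host, produce the input as root with: sshd -T > sshd.eff

# get_opt FILE KEYWORD -> prints the value of KEYWORD, or nothing if absent.
get_opt() {
    awk -v k="$2" 'tolower($1) == k { print tolower($2); exit }' "$1"
}

# audit_sshd FILE -> prints one result line; returns 0 only when public-key
# login is on and no password-style method is enabled.
audit_sshd() {
    cfg=$1
    findings=""
    pw=$(get_opt "$cfg" passwordauthentication)
    # Newer OpenSSH prints kbdinteractiveauthentication; older releases
    # print challengeresponseauthentication for the same setting.
    kbd=$(get_opt "$cfg" kbdinteractiveauthentication)
    [ -n "$kbd" ] || kbd=$(get_opt "$cfg" challengeresponseauthentication)
    pam=$(get_opt "$cfg" usepam)
    pk=$(get_opt "$cfg" pubkeyauthentication)

    # A missing value is treated as enabled, matching sshd's default of yes.
    [ "$pw" = "no" ] || findings="${findings}password-enabled "
    # On Linux, keyboard-interactive reaches the account password through PAM.
    if [ "$kbd" != "no" ] && [ "$pam" = "yes" ]; then
        findings="${findings}kbdint-pam-enabled "
    fi
    # Without public-key login, turning passwords off would lock everyone out.
    [ "$pk" = "yes" ] || findings="${findings}pubkey-disabled "

    if [ -n "$findings" ]; then
        echo "FAIL: ${findings% }"
        return 1
    fi
    echo "OK: key-only login"
}

# Constructed sample: excerpt of `sshd -T` output before any hardening.
sample_before() {
    printf '%s\n' 'port 22' 'usepam yes' 'pubkeyauthentication yes' \
        'passwordauthentication yes' 'kbdinteractiveauthentication no'
}

tmp=$(mktemp) && sample_before > "$tmp"
audit_sshd "$tmp" || true
rm -f "$tmp"
```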
