On Apr 22, 2008, at 2:55 PM, Lonnie Olson wrote:
On Tue, 2008-04-22 at 11:55 -0600, Steve Morrey wrote:
Or just set it to something way off in the boonies but be consistent
about
it.
For instance almost all of my servers have SSH at 2774 which if you
look at
it on a phone turns out to be 2SSH or my secondary SSH port. How
hard
is it
to type ssh myserver.com -luser -p2774
For the extra bonus of rarely (or never) seeing a dictionary attack I
think
the extra 6 keystrokes are totally worth it. But you do have to use
something you can remember and use it consistently
First of all, I see tons of extra keystrokes in there.
Most of the time I just type "ssh server". That's it, username is the
same everywhere, and the port is always the default. It would take an
additional *7* characters to change the port " -p2774", don't forget
that space, it still counts. Also compare the 7 extra characters in
relation to the total command. "ssh server" 10 chars vs. "ssh
server -p
2774" 17 chars. Almost a 60% increase in the length of the
command. To
me, 60% is *not* negligible.
Also consider the number of times a day I actually run ssh, about
30-60
times a day on average. It is a big deal.
So I see two options to reduce the work to a one time operation:
1. setup my ~/.ssh/config file for all possible contingencies
or
2. Secure my public ssh servers very carefully.
I'll leave it on port 22, and just practice good security.
--lonnie
60% increase? Boy, that sounds serious.
How much would you pay to learn how to have a 90%+ reduction in the
total characters you have to type to access that remote server?
Want to know my secret?
For servers I frequently access, I just create a one-liner shell
script in my path. For instance, there are 2 servers at the office
and 2 at my home that I frequently get into. The commands to get into
them are as follows:
jake
elwood
holodeck
bridge
The average length of these commands is (4 + 6 + 8 + 6) / 4 = 6.
That's only 6 measly keystrokes to get into one of these servers!
Imagine, if I had named them something like aa, bb, cc, dd, it would
only be 2 keystrokes / server. Huge reduction! Or what if I had gone
completely crazy and named the scripts with a single character! Wow!
No additional *7* characters each time, and I cut out the ssh (don't
forget the space, it counts!), but I still connect on a non-standard
port, from an authorized host, using public key encryption to auth.
So, with a little shell script, let's see just how much of that
tedious old typing we can eliminate:
Old way:
ssh -l admin -p2774 208.100.143.156 = 35 characters
New way:
a = 1 character
35 vs 1 character - that's close to a 98% reduction in the number of
characters you need to type!
Think of the savings! Think of the efficiency! Think of the reduced
costs to your life because you don't get carpal tunnel!
-- Kimball
/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
