Angelo Fo. Blog [My OpenSource Project News, previews & announcements of my free posts on http://digitalpatch.blogspot.com]
In this blog I'll talk about my GNU/Linux projects and about solutions regarding security, software development and my own FOSS projects.
I will also publish "previews & announcements" of my free posts on DigitalPatch (Security Blog)
Note: Digital Patch Posts by Angelo Fonzeca are licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 Unported License and are based on a work at http://digitalpatch.blogspot.com
NOTE: If you are interested in IT Security, join us at the "GNU/Linux Security & Hardening" group on LinkedIn
OpenSSH daemon hardening ( Part 2 ) - How to use RSA/DSA Keys [ANNOUNCEMENT]
[Note: This is a draft version of the post; it'll be revised as soon as possible]
Introduction
In my previous post I explained how to configure OpenSSH to improve its security. However, if your SSH service is reachable from the Internet by any IP address (e.g. you connect from a client with a dynamic IP address, or you want to reach your server from anywhere), it is far more exposed to password brute-force attacks, so a further hardening step is necessary.
In this case a good idea is to authenticate with RSA/DSA keys instead of a username/password pair. Note that keys only remove the password attack surface if the server stops accepting passwords altogether (PasswordAuthentication no in sshd_config); otherwise the brute-force attempts keep hitting the password regardless of your key.
RSA/DSA keys can be thought of as a very long and complex credential that replaces the classical password and uniquely identifies its owner. The important difference from a password is that the secret part (the private key) never leaves your client: the server stores only the public key and verifies a signature made with the private key, so a copy of what the server holds is useless to an attacker for logging in.
I say RSA/DSA because the setup procedure is the same for both; OpenSSH lets you choose between two key generation algorithms:
RSA ( http://en.wikipedia.org/wiki/Rsa )
DSA ( http://en.wikipedia.org/wiki/Digital...ture_Algorithm )
Caveat: OpenSSH limits DSA keys to 1024 bits and has disabled the ssh-dss key type by default since OpenSSH 7.0, so on any current system generate RSA keys (2048 bits or more).
How does RSA/DSA key authentication work?
The RSA/DSA key authentication scheme follows this logic:
1) The sysadmin (you) generates a pair of RSA/DSA keys on his own system with ssh-keygen: one is the "private key", which stays on that system, the other is the "public key".
2) The public key is then published (appended) to the ~/.ssh/authorized_keys file in the home directory of the remote server account that will be used for key authentication. The sysadmin repeats this step for each server he wants to manage or access.
3) Only the holder of the matching private key (the sysadmin) can access the systems that contain his public key: at login the server sends a challenge that can only be signed with the private key.
4) When the sysadmin connects to a server, his OpenSSH client looks for the private key (by default ~/.ssh/id_rsa or ~/.ssh/id_dsa, or the path given with -i) and uses it to authenticate in place of the classical login, so he gets "direct" access to the called system without entering the account password. The handshake between client and server is done automatically with the keys; if the private key was protected with a passphrase, that passphrase is requested locally by the client (or supplied once by ssh-agent) and is never sent to the server.
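The four steps above carried out as a shell script, as an added example that is not part of the original post or of OpenSSH itself. It simulates the server side on the same machine (the "remote" account's home directory is just a directory passed in), uses an empty passphrase only so it runs non-interactively, and falls back to a constructed, invalid placeholder public key when ssh-keygen is unavailable; the user name "admin", the host "server.example" and the 3072-bit key size are assumptions. What the steps alone do not show is why step 2 often fails in practice: sshd (StrictModes, on by default) ignores an authorized_keys file whose directory or file is writable by group or others, and repeated installs must not duplicate the key line.

```bash
#!/bin/sh
# Added example, not code from the original post: the RSA key login
# procedure run locally, with the "remote" account simulated by a directory.
# Assumptions: 3072-bit RSA, user "admin", host "server.example".

# Step 1: generate the key pair on the client. The private key (id_rsa) never
# leaves this machine; only id_rsa.pub is copied anywhere. -N "" gives an
# empty passphrase purely so the example is non-interactive; on a real
# workstation set a passphrase and load the key into ssh-agent instead.
make_keypair() {
    keydir=$1
    command -v ssh-keygen >/dev/null 2>&1 || { echo "ssh-keygen not found" >&2; return 1; }
    mkdir -p "$keydir" && chmod 700 "$keydir"
    ssh-keygen -q -t rsa -b 3072 -N "" -C "admin@workstation" -f "$keydir/id_rsa" </dev/null
}

# Step 2: publish the public key into the account's ~/.ssh/authorized_keys.
# sshd (StrictModes yes, the default) ignores the file if ~/.ssh or the file
# itself is writable by group/others, so the permissions are part of the
# install. A second install of the same key is a no-op (as with ssh-copy-id).
install_pubkey() {
    pubkey_line=$1      # one-line content of id_rsa.pub
    home=$2             # home directory of the target account
    sshdir=$home/.ssh
    auth=$sshdir/authorized_keys
    mkdir -p "$sshdir" && chmod 700 "$sshdir"
    touch "$auth" && chmod 600 "$auth"
    grep -qxF "$pubkey_line" "$auth" || printf '%s\n' "$pubkey_line" >> "$auth"
}

# Number of keys installed (one per line; blank lines and comments ignored).
count_authorized_keys() {
    grep -cvE '^[[:space:]]*(#|$)' "$1/.ssh/authorized_keys" || true
}

# The check sshd's StrictModes effectively makes: ~/.ssh must be 0700 and
# authorized_keys 0600 (exact match via find -perm, portable across GNU/BSD).
perms_ok() {
    [ -n "$(find "$1/.ssh" -prune -perm 0700 -print)" ] &&
    [ -n "$(find "$1/.ssh/authorized_keys" -prune -perm 0600 -print)" ]
}

# Steps 3 and 4: only the holder of id_rsa can answer the server's challenge;
# the client is pointed at the key with -i (or finds ~/.ssh/id_rsa by itself).
demo() {
    work=$(mktemp -d)
    if make_keypair "$work/client"; then
        pub=$(cat "$work/client/id_rsa.pub")
    else
        # constructed placeholder, not a valid key: lets the rest run anyway
        pub="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC7constructed admin@workstation"
    fi
    install_pubkey "$pub" "$work/server_home"
    install_pubkey "$pub" "$work/server_home"   # repeated install: still one key
    perms_ok "$work/server_home" || { echo "authorized_keys permissions wrong" >&2; exit 1; }
    echo "installed $(count_authorized_keys "$work/server_home") key(s) for the server account"
    echo "connect with: ssh -i $work/client/id_rsa admin@server.example"
    rm -rf "$work"
}

case "${1:-}" in run) demo ;; esac
```

Run it with `sh keys.sh run`. Against a real server the equivalent of install_pubkey is `ssh-copy-id -i ~/.ssh/id_rsa.pub admin@server.example` from the client (it creates ~/.ssh with the right modes), and the sshd_config directives that make the key the only accepted credential are PubkeyAuthentication yes, PasswordAuthentication no and ChallengeResponseAuthentication no (renamed KbdInteractiveAuthentication in recent releases), followed by a reload of sshd.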
Post continues on DigitalPatch