Old 07-26-2005, 08:47 AM   #1
Wimpie22
Controlling remote access SSH


Hello,

I want to remotely access my server with SSH.

But can I secure it so that only a remote site that has the public key for the server can access the server, and if not, then they cannot access the server?

Now every time I'm remote and I don't have the public key, it will send it to me by SSH. Can I change that?


Greetings from Holland

Wimpie
 
Old 07-26-2005, 10:16 AM   #2
sundialsvcs
SSH can try several authentication-methods, and it will (rather stupidly...) "fall down" to simpler and simpler authentication-methods when a more stringent one is unsuccessful. But the configuration-file does provide controls.
 
Old 07-27-2005, 09:47 AM   #3
Wimpie22
So can I configure SSH so that it won't send its public key when the remote client doesn't have a key,

so that I can open port 22 and only if someone has the public key can he access the server?

Thanks
 
Old 07-27-2005, 11:02 AM   #4
sundialsvcs
Oh, I see your question now. Well you see, ssh has to send its public key so that the client can encrypt traffic using it and send that traffic back.

Public keys are a necessary part of the key-exchange process that is used in the initial handshaking of any conversation. It allows the two sides to agree upon necessary communication parameters without being "overheard."

It is very important to understand that a public-key system uses two keys. A message that is encrypted using one of the keys can only be decrypted using the other. Once supplied with the public key, the client can safely send a message to the server knowing that only the server can decrypt it.
 
Old 07-27-2005, 12:08 PM   #5
Wimpie22
Yes, I know, but if I have the public key to encrypt, I want to stop ssh from sending its public key.

I want to open port 22 so that only I can access it with ssh, but now when someone connects to my server it's sending the public key, so it's not so safe to keep port 22 open.
 
Old 07-27-2005, 12:14 PM   #6
C0NIk
Well, you can use ssh-keygen and make an authorized key.
 
Old 07-27-2005, 01:45 PM   #7
Wimpie22
How can I do that? Please help me.

I tried it before.
 
Old 07-27-2005, 03:02 PM   #8
sundialsvcs
The first part of any public-key exchange always has one party sending its public key to the other. As far as I know there aren't any systems that pre-suppose that the other party already has a copy of the key.

The public key is supposed to be one that you can safely distribute without compromising security. And the private key will be the one that no one else must ever see.

You will see public-keys and "fingerprints" being exchanged between an SSL client and server, no matter what kind of authentication you may use. In addition to this use of "public keys," you may also see public keys being exchanged in the form of "digital certificates."

I did a Google search on ssh tutorial OR howto "public key" and found tons of better explanations...
 
Old 07-27-2005, 03:08 PM   #9
Wimpie22
But is it safe to open port 22 to the internet?
 
Old 07-27-2005, 04:33 PM   #10
sundialsvcs
Yes. Make sure that it's linked to an up-to-date sshd and that this daemon will not accept a connection from anyone at all without a security certificate issued by you. Do not rely upon passwords. Do not allow logins to root from anyone anywhere.

Presumably you are opening the ssh port for your own convenience. [Have you considered buying a router that supports Virtual Private Networking (VPN)?] Therefore the daemon should be equipped to recognize you, and to simply give outsiders no chance to present a user/password.

If I were opening a system up, I would start with VPN (using certificates there too, of course...) and if someone manages to get through that layer he's staring at an SSH that wants to see another credential. "First he must get over the moat, only then can he reach the portcullis..." Layers of security.
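
The advice in the last post (key-only login, no passwords, no root login) can be checked mechanically against an sshd_config. The following is an added example, not part of the original thread: the `audit()` function, the keyword selection and the sample config are assumptions made here, and the defaults are those of current upstream OpenSSH.

```python
import re

# Values wanted for key-only, no-root login (the advice in post #10).
REQUIRED = {"pubkeyauthentication": "yes", "passwordauthentication": "no",
            "kbdinteractiveauthentication": "no", "permitrootlogin": "no"}
# Upstream OpenSSH defaults that apply when a keyword is absent.
DEFAULTS = {"pubkeyauthentication": "yes", "passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes",
            "permitrootlogin": "prohibit-password"}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
# "Keyword value" or "Keyword=value"; comment and blank lines do not match.
LINE = re.compile(r"^\s*([A-Za-z]+)(?:\s*=\s*|\s+)(\S+)")

def audit(config_text):
    """Return a sorted list of findings; an empty list means key-only login."""
    effective, findings, scope = {}, [], "global"
    for raw in config_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip('"').lower()
        key = ALIASES.get(key, key)
        if key == "match":
            scope = " ".join(raw.split())    # later lines are conditional
        elif key in REQUIRED:
            if scope == "global":
                effective.setdefault(key, value)   # sshd keeps the first value
            elif value != REQUIRED[key]:
                findings.append(f"{scope}: {key} {value}")
    for key, want in REQUIRED.items():
        got = effective.get(key, DEFAULTS[key])
        if got != want:
            findings.append(f"global: {key} is {got}, want {want}")
    return sorted(findings)

# Constructed sample: sshd ignores the second PasswordAuthentication line,
# and the Match block re-enables passwords for one address range.
SAMPLE = """\
# constructed sshd_config for illustration
PermitRootLogin no
PasswordAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
Match Address 192.0.2.0/24
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

`Include` files are not followed here; `sshd -T` prints the fully resolved configuration of a running installation.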