What is the best way to secure SSH?

punjabipredator · 12-26-2006, 04:47 AM

I would like to Thank Everyone that helped me out with this issue we did manage to resolve it as i mentioned before by using TCP Wrapper by allowing only my ip range in SSH and it has fixed the problem since i have not recieved any issues now with SSH.

chort · 12-26-2006, 09:19 PM

Quote:

Originally Posted by punjabipredator

I asked my support about putty before you mentioned it because i heard from somewhere that it can generate they key and they said the following to me

The key can be generated on a system with Openssh running as you have to use the ssh -keygen to generate the key.You may use a linux machine with Openssh running in it.The key generation cannot be done in putty

That support person is ignorant. The puttygen program can create public & private keys and you can just copy & paste the output from the top of the window into your Linux box, since it's OpenSSH format (PuTTY does not save it's files in OpenSSH format, but when you generate a key it shows you the OpenSSH public key output).

Note that the putty.exe program does not generate keys, it's the puttygen.exe program. If you only downloaded putty.exe instead of the full installer, then you do not have puttygen.exe.

punjabipredator · 12-26-2006, 10:07 PM

Quote:

Originally Posted by chort

That support person is ignorant. The puttygen program can create public & private keys and you can just copy & paste the output from the top of the window into your Linux box, since it's OpenSSH format (PuTTY does not save it's files in OpenSSH format, but when you generate a key it shows you the OpenSSH public key output).

Note that the putty.exe program does not generate keys, it's the puttygen.exe program. If you only downloaded putty.exe instead of the full installer, then you do not have puttygen.exe.

I will try it out when i have alot of spare time. Thank You Chort.

The attacks have stopped with the ip range on the SSH i noticed i did get any users trying to break into my server today.

sysconfig · 12-30-2006, 02:55 AM

I am not sure but below mentioned URL should help in securing and configuration of SSH in RHEL

http://forums.linuxwebadmin.info/ind...pic,136.0.html

Thanks,

Mitul Savani

jschiwal · 12-30-2006, 03:09 AM

You can also install cygwin/x on your windows machine. Then you can use ssh-keygen, and ssh itself to connect to a remote server. You could also use "ssh -X" to be able to run a gui program remotely, but read up on security first. I don't think the udp packets will travel through the tunnel.

sundialsvcs · 01-01-2007, 07:45 PM

There is only one way to "secure" SSH ... digital certificates.

You can't use "username/password" at all.

stickman · 01-04-2007, 09:19 AM

Quote:

Originally Posted by punjabipredator

The key can be generated on a system with Openssh running as you have to use the ssh -keygen to generate the key.You may use a linux machine with Openssh running in it.The key generation cannot be done in putty.

Create the key with puttygen. Putty will show you the key to paste into your authorized_keys file.

As far as securing SSH access:
- Limit client sources if possible
- Limit accounts that can login
- Force key authentication to eliminate brute force attacks
- Throttle incoming connections