LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 01-14-2013, 03:32 AM   #1
Toreddo
LQ Newbie
 
Registered: Jan 2013
Posts: 4

Rep: Reputation: Disabled
How can I safely edit my SSH configuration?


Hello everyone,

I have a VPS running Ubuntu 10.04. Because it's a VPS, I do not have physical access to it. I would like to change a couple of settings in my SSH configuration file, including the port and some security measurements. But I am afraid I will lock myself out of my server. Google couldn't tell me anything I could use to build a safety to get back in if I happen to lock myself out.

I am thinking of a rather strange way of doing it; create a cron that will run a script that replaces my sshd config file with the original one and restart ssh every 15 minutes. So if I lock myself out, that script will restore the settings within 15 minutes.

I hope someone knows a better way, where I don't have to rely on a cron.

Thanks in advance!
 
Old 01-14-2013, 03:36 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,398

Rep: Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963
restarting ssh won't actually drop any existing conenctions, so you can have two windows, one to test and one to update config.

Don't change the port unless you need to. Doing for the sake of it is pointless at best.
 
Old 01-14-2013, 03:43 AM   #3
Toreddo
LQ Newbie
 
Registered: Jan 2013
Posts: 4

Original Poster
Rep: Reputation: Disabled
Thank you, that works indeed!

Wouldn't changing the port protect you at least from automated attacks?
 
Old 01-14-2013, 03:45 AM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,398

Rep: Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963
makign things obscure theoretically will stop things hitting it, but it makes things more complicated, and with root access disabled etc, there's no real benefit. It can make people lazy and think that as the port is changed, I don't need to actually bother making it properly secure.
 
Old 01-14-2013, 04:15 AM   #5
linosaurusroot
Member
 
Registered: Oct 2012
Distribution: OpenSuSE,RHEL,Fedora,OpenBSD
Posts: 778
Blog Entries: 2

Rep: Reputation: 199Reputation: 199
Starting a second sshd on a different port is a good way to test that configuration without disturbing your first one.

Changing ports to avoid attacks is fairly pointless as the SSH service is recognisable on any port. I suggest requiring key rather than password authentication on Internet-facing servers. And keep the s/w up to date.
 
Old 01-15-2013, 04:20 AM   #6
Toreddo
LQ Newbie
 
Registered: Jan 2013
Posts: 4

Original Poster
Rep: Reputation: Disabled
Thank you guys, I managed to secure my SSH access without locking myself out. I have another question though about security if I may. I set up an RSA key between my server and my client, and disabled PasswordAuthentication. But I want to be able to login with my tablet if I'm on the road, in case of an emergency. Unfortunately it doesn't support RSA keys... What would be the best way to open a connection for my tablet but don't affect the security? I was thinking of using the same account I use on my client and make its password 40 characters long, set MaxAuth to 1, and use the following http://jelledepot.blogspot.nl/2011/0...ation-per.html to only enable PasswordAuthentication for that user. Would that be a good way to set it up?

Thanks in advance!
 
Old 01-15-2013, 05:03 AM   #7
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,398

Rep: Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963
Yeah, that sounds reasonable.

If you're using a password that long though, understand what passwords are really for... http://xkcd.com/936/
 
Old 01-15-2013, 05:44 AM   #8
Toreddo
LQ Newbie
 
Registered: Jan 2013
Posts: 4

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by acid_kewpie View Post
Yeah, that sounds reasonable.

If you're using a password that long though, understand what passwords are really for... http://xkcd.com/936/
Yes I've seen that before, thats why I want a 40 character password and not a !22j3@! password, haha.

Thanks
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Should I edit my mtrr configuration? CoffeeKing!!! Linux - Hardware 5 12-27-2008 02:22 PM
How to edit configuration LinuxNewKnight Mandriva 1 04-26-2006 05:49 AM
can you apply 2.6.x kernel config to 2.4.x safely/somewhat safely? silex_88 Linux - Software 3 12-09-2005 11:38 PM
How do I edit my X configuration? bad_andy Linux - Newbie 5 09-02-2004 06:41 PM
Gnome: How to safely edit the menu arthur1968 Debian 5 12-04-2003 07:08 PM


All times are GMT -5. The time now is 07:26 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration