Angelo Fo. Blog [My OpenSource Project News, previews & announcements of my free posts on]

In this blog I'll talk to you about my projects on GNU/Linux, about solutions regarding security and software development, and about my own FOSS projects.

I will also publish "previews & announcements" of my free posts on DigitalPatch (Security Blog)

Note: Digital Patch Posts by Angelo Fonzeca are licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 Unported License and are based on a work at

NOTE: If you are interested in IT Security, join us in the "GNU/Linux Security & Hardening" group on LinkedIn

OpenSSH daemon hardening ( Part 2 ) - How to use RSA/DSA Keys [ANNOUNCEMENT]

Posted 12-10-2010 at 08:19 AM by angelo.fonzeca
Updated 12-13-2010 at 06:30 AM by angelo.fonzeca

[Note: This is a draft version of the post; it'll be revised as soon as possible]


In my previous post, I explained how to configure OpenSSH to improve its security. However, if your SSH service is reachable from the Internet by any IP address (e.g. you connect your client from the Internet with a dynamic IP address, and/or you want to reach your server from anywhere...), it is more exposed to brute force attacks! So a further "hardening procedure" is necessary!

In this case, a good idea is to use RSA/DSA keys instead of a "username/password" pair.

RSA/DSA keys may be considered a sort of "long and complex" password, which replaces the classical "login" and uniquely identifies the owner of the credential.

I talk about DSA/RSA together because the setup procedure is the same, but OpenSSH gives you the opportunity to choose between two different key generation algorithms:

RSA

DSA

How does the RSA/DSA key authentication method work?

RSA/DSA key authentication follows this logic:

1) The sysadmin (you...) generates a pair of RSA/DSA keys on his system (one is the "private key", the other is the "public key").
2) After that, his public RSA/DSA key is published (copied) to the home directory of the remote server account that will be used for RSA/DSA authentication (the sysadmin repeats this step for each server he wants to manage/access).
3) Only the owner of the private key (the sysadmin) can access the systems that contain his public RSA/DSA key.
4) When the sysadmin connects to a server, specifying the path of his key on the client PC, he gets "direct" access to the called system without entering any password. His OpenSSH client looks up the sysadmin's private key and uses it to access the remote server in the same way as a classical login... but in this case the handshake between the machines (client and server) is carried out automatically by using the keys.
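Step 2 above, as an added example that is not code from the original post: a POSIX shell function that installs a public key into the remote account's authorized_keys the way ssh-copy-id does, with the permissions sshd's StrictModes check expects. The function names, the 700/600 permission values and the sample key line are my own assumptions, not taken from the post.

```sh
#!/bin/sh
# Added example, not code from the original post.
# Step 2 of the procedure, the way ssh-copy-id performs it: install a public
# key into the remote account's ~/.ssh/authorized_keys with the permissions
# sshd's StrictModes checks (700 on ~/.ssh, 600 on authorized_keys; these
# values are the usual ones, assumed here, not stated in the post).
#
# Steps 1 and 4 on the client, for reference (not run by this script):
#   ssh-keygen -t rsa -f ~/.ssh/id_rsa      # step 1: key pair (-t dsa for DSA)
#   ssh -i ~/.ssh/id_rsa sysadmin@server    # step 4: login with the key

# install_pubkey HOME_DIR PUBKEY_LINE
# Appends one public key line to HOME_DIR/.ssh/authorized_keys, idempotently.
install_pubkey() {
    home_dir="$1"
    pubkey="$2"
    ssh_dir="$home_dir/.ssh"
    auth="$ssh_dir/authorized_keys"

    # Accept only a single RSA ("ssh-rsa") or DSA ("ssh-dss") public key line
    case "$pubkey" in
        ssh-rsa\ *|ssh-dss\ *) ;;
        *) echo "install_pubkey: not an RSA/DSA public key line" >&2; return 1 ;;
    esac

    mkdir -p "$ssh_dir" || return 1
    chmod 700 "$ssh_dir" || return 1
    touch "$auth" || return 1
    chmod 600 "$auth" || return 1

    # Only add the key if that exact line is not already present
    if ! grep -qxF -- "$pubkey" "$auth"; then
        printf '%s\n' "$pubkey" >> "$auth"
    fi
}

# count_keys HOME_DIR: number of key lines currently authorized for the account
count_keys() {
    auth="$1/.ssh/authorized_keys"
    if [ -f "$auth" ]; then
        grep -c '^ssh-' "$auth" || true
    else
        echo 0
    fi
}
```

Running install_pubkey twice with the same key leaves a single line in the file, which is the behaviour you want when re-running a provisioning script.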

Post continues on DigitalPatch
Posted in Linux Security