Linux - Security
This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
01-23-2007, 10:54 AM
|
#1
|
Member
Registered: Mar 2005
Posts: 124
Rep:
|
ssh (openssh) 101 - basic questions
All,
The systems are fc6 with openssh installed. I have the O'Reilly book for backup. My question is:
How to set up a ssh login between system A, client, and system B, server?
I tried following some instructions about making and passing a key, however it still asks for a password. Let's assume the user 'john' is configured on both systems. Where is there a howto to configure ssh (openssh) for john on client A to log into server B?
I realize this is basic. However, the server, which is a firewall, is being hammered by attacks on a regular basis and I would like to configure it to not allow ssh password logins.
Thanks - Dan
|
|
|
01-23-2007, 11:30 AM
|
#2
|
Senior Member
Registered: Oct 2003
Posts: 3,006
|
This article is pretty good:
http://tips.linux.com/article.pl?sid...045226&tid=100
The important thing to remember is when generating the key, just hit the Enter key when it asks for a passphrase or the key will be associated with whatever passphrase you give and you will always have to give the passphrase when using the key. There are some security issues in doing this since anyone that gets your public key will have automatic ssh access to your box.
|
|
|
01-23-2007, 12:06 PM
|
#3
|
Member
Registered: Mar 2005
Posts: 124
Original Poster
Rep:
|
After attempting to follow a script I noticed that one of the pair, server, defaults to rsa while client defaults to dsa. Where are these defaults configured?
fyi Server is bog standard fc6 while client has a custom kernel.
- Dan
|
|
|
01-23-2007, 01:11 PM
|
#4
|
Senior Member
Registered: Oct 2003
Posts: 3,006
|
The file is /etc/ssh/ssh_config on the client and /etc/ssh/sshd_config on the server. If you're using public key authentication you should disable any other mode of authentication. Here's another article for you on how to set that up:
http://www.g-loaded.eu/2005/11/10/ssh-with-keys/
It goes into a little more detail re the config files and how to add some extra security. It's a little intimidating at first, but once you fool around with it a bit, you will get the hang of it.
For your particular issue, from the above article, you probably don't have this uncommented in sshd_config on the server:
HostKey /etc/ssh/ssh_host_dsa_key
|
|
|
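A way to check the server side of what this thread is after (public key logins only, no passwords), added here as an example and not part of any poster's message. It reads the global section of an sshd_config the way sshd does (first value for a keyword wins, keywords are case-insensitive); the function names and both sample configs are constructed for illustration, and the defaults are assumed to be upstream OpenSSH's (newer releases call ChallengeResponseAuthentication KbdInteractiveAuthentication).

```shell
#!/bin/sh
# Added example: does this sshd_config still allow password-style logins?

# effective_value FILE KEYWORD DEFAULT
# sshd keeps the first value it sees for a keyword; keywords are case-insensitive.
# Only the global section is read: parsing stops at the first Match block.
effective_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key); val = def }
        { sub(/[ \t]*=[ \t]*/, " ") }            # accept "Keyword=value" too
        /^[ \t]*#/ || NF == 0 { next }           # comments and blank lines
        tolower($1) == "match" { exit }
        tolower($1) == key { val = tolower($2); exit }
        END { print val }
    ' "$1"
}

# audit_sshd_config FILE: returns 0 only if keys are on and passwords are off.
# Entries are keyword:default:wanted; defaults are upstream OpenSSH's (assumed
# unpatched by the distro).
audit_sshd_config() {
    rc=0
    for pair in PubkeyAuthentication:yes:yes PasswordAuthentication:yes:no \
                ChallengeResponseAuthentication:yes:no; do
        kw=${pair%%:*}; rest=${pair#*:}; def=${rest%%:*}; want=${rest#*:}
        got=$(effective_value "$1" "$kw" "$def")
        if [ "$got" = "$want" ]; then echo "OK    $kw $got"
        else echo "FAIL  $kw is '$got', want '$want'"; rc=1; fi
    done
    return $rc
}

# Constructed sample configs (not taken from the thread).
sample_weak() {      # the "no" is commented out, or only applies inside Match
    printf '%s\n' '#PasswordAuthentication no' 'PubkeyAuthentication yes' \
        'Match User backup' '    PasswordAuthentication no'
}
sample_keyonly() {   # first value wins, so the trailing "yes" is ignored
    printf '%s\n' 'PubkeyAuthentication yes' 'passwordauthentication=no' \
        'ChallengeResponseAuthentication no' 'PasswordAuthentication yes'
}

tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
sample_weak > "$tmp/weak"; sample_keyonly > "$tmp/keyonly"
audit_sshd_config "$tmp/weak"    || echo "=> weak: password logins still possible"
audit_sshd_config "$tmp/keyonly" && echo "=> keyonly: public key only"
```

Pointed at a real /etc/ssh/sshd_config, a FAIL line means the server would still answer a password prompt even though key login works.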
01-23-2007, 01:34 PM
|
#5
|
Member
Registered: Mar 2005
Posts: 124
Original Poster
Rep:
|
Thanks for the tips. It is now working.
I would like to configure all the systems to one key type - say dsa. If I set "HostKey /etc/ssh/ssh_host_dsa_key" in sshd_config files and re-login will it re-set the knownhosts to rsa?
Does this even matter?
Thanks - Dan
|
|
|
All times are GMT -5.