LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 01-23-2007, 10:54 AM   #1
dansawyer
Member
 
Registered: Mar 2005
Posts: 124

Rep: Reputation: 15
ssh (openssh) 101 - basic questions


All,

The systems are fc6 with openssh installed. I have the O'Reilly book for backup. My question is:

How to set up a ssh login between system A, client, and system B, server?

I tried following some instructions about making and passing a key, however it still asks for a password. Lets assume the user 'john' is configured on both systems. Where is there a howto to configure ssh (openssh) for john on client A to log into server B?

I realize this is basic. However server, which is a firewall, is being hammered by attacks on a regular basis and I would like to configure it to not allow ssh password logins.

Thanks - Dan
 
Old 01-23-2007, 11:30 AM   #2
kilgoretrout
Senior Member
 
Registered: Oct 2003
Posts: 3,006

Rep: Reputation: 395Reputation: 395Reputation: 395Reputation: 395
This article is pretty good:

http://tips.linux.com/article.pl?sid...045226&tid=100

The important thing to remember is when generating the key, just hit the Enter key when it asks for a passphrase or the key will be associated with whatever passphrase you give and you will always have to give the passphrase when using the key. There are some security issues in doing this since anyone that gets your public key will have automatic ssh access to your box.
 
Old 01-23-2007, 12:06 PM   #3
dansawyer
Member
 
Registered: Mar 2005
Posts: 124

Original Poster
Rep: Reputation: 15
After attempting to follow a script I noticed that one of the pair, server, defaults to rsa while client defaults to dsa. Where are these defaults configured?

fyi Sever is bog standard fc6 while client has a custom kernel.

- Dan
 
Old 01-23-2007, 01:11 PM   #4
kilgoretrout
Senior Member
 
Registered: Oct 2003
Posts: 3,006

Rep: Reputation: 395Reputation: 395Reputation: 395Reputation: 395
The file is /etc/ssh/ssh_config on the client and /etc/ssh/sshd_config on the server. If your using public key authentication you should disable any other mode of authentication. Here's another article for you on how to set that up:

http://www.g-loaded.eu/2005/11/10/ssh-with-keys/

It goes into a little more detail re the config files and how to add some extra security. It's a little intimedating at first, but once you fool around with it a bit, you will get the hang of it.

For your particular issue, from the above article, you probably don't have this uncommented in sshd_config on the server:

HostKey /etc/ssh/ssh_host_dsa_key
 
Old 01-23-2007, 01:34 PM   #5
dansawyer
Member
 
Registered: Mar 2005
Posts: 124

Original Poster
Rep: Reputation: 15
Thanks for the tips. It is now working.

I would like to configure all the systems to one key type - say dsa. If I set "HostKey /etc/ssh/ssh_host_dsa_key" in sshd_config files and re-login will it re-set the knownhosts to rsa?

Does this even matter?

Thanks - Dan
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Linux 101: Establish more effective security capabilities with OpenSSH LXer Syndicated Linux News 0 07-22-2006 05:03 PM
again :( help me with these LPI 101 questions marsguy Linux - Certification 17 04-05-2005 02:27 PM
101 tiny bugs and questions... qwijibow Slackware 7 06-28-2004 06:55 PM
SSH Vulnerabilities and OpenSSH mikeyt_333 Linux - Security 3 01-10-2003 12:15 AM
SSH/OpenSSH mikesvx1 Linux - Security 2 12-21-2001 06:18 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 03:50 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration