Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
|
12-26-2006, 04:47 AM
|
#16
|
Member
Registered: Dec 2006
Posts: 30
Original Poster
Rep:
|
Thank You
I would like to Thank Everyone that helped me out with this issue we did manage to resolve it as i mentioned before by using TCP Wrapper by allowing only my ip range in SSH and it has fixed the problem since i have not recieved any issues now with SSH.
|
|
|
12-26-2006, 09:19 PM
|
#17
|
Senior Member
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
Rep:
|
Quote:
Originally Posted by punjabipredator
I asked my support about putty before you mentioned it because i heard from somewhere that it can generate they key and they said the following to me
The key can be generated on a system with Openssh running as you have to use the ssh -keygen to generate the key.You may use a linux machine with Openssh running in it.The key generation cannot be done in putty
|
That support person is ignorant. The puttygen program can create public & private keys and you can just copy & paste the output from the top of the window into your Linux box, since it's OpenSSH format (PuTTY does not save it's files in OpenSSH format, but when you generate a key it shows you the OpenSSH public key output).
Note that the putty.exe program does not generate keys, it's the puttygen.exe program. If you only downloaded putty.exe instead of the full installer, then you do not have puttygen.exe.
|
|
|
12-26-2006, 10:07 PM
|
#18
|
Member
Registered: Dec 2006
Posts: 30
Original Poster
Rep:
|
Quote:
Originally Posted by chort
That support person is ignorant. The puttygen program can create public & private keys and you can just copy & paste the output from the top of the window into your Linux box, since it's OpenSSH format (PuTTY does not save it's files in OpenSSH format, but when you generate a key it shows you the OpenSSH public key output).
Note that the putty.exe program does not generate keys, it's the puttygen.exe program. If you only downloaded putty.exe instead of the full installer, then you do not have puttygen.exe.
|
I will try it out when i have alot of spare time. Thank You Chort.
The attacks have stopped with the ip range on the SSH i noticed i did get any users trying to break into my server today.
Last edited by punjabipredator; 12-26-2006 at 10:12 PM.
|
|
|
12-30-2006, 03:09 AM
|
#20
|
LQ Guru
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733
|
You can also install cygwin/x on your windows machine. Then you can use ssh-keygen, and ssh itself to connect to a remote server. You could also use "ssh -X" to be able to run a gui program remotely, but read up on security first. I don't think the udp packets will travel through the tunnel.
Last edited by jschiwal; 12-31-2006 at 02:00 AM.
|
|
|
01-01-2007, 07:45 PM
|
#21
|
LQ Guru
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,887
|
There is only one way to "secure" SSH ... digital certificates.
You can't use "username/password" at all.
|
|
|
01-04-2007, 09:19 AM
|
#22
|
Senior Member
Registered: Sep 2002
Location: Nashville, TN
Posts: 1,552
Rep:
|
Quote:
Originally Posted by punjabipredator
The key can be generated on a system with Openssh running as you have to use the ssh -keygen to generate the key.You may use a linux machine with Openssh running in it.The key generation cannot be done in putty.
|
Create the key with puttygen. Putty will show you the key to paste into your authorized_keys file.
As far as securing SSH access:
- Limit client sources if possible
- Limit accounts that can login
- Force key authentication to eliminate brute force attacks
- Throttle incoming connections
|
|
|
All times are GMT -5. The time now is 02:13 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|