Short tut on ssh keys and sshd config - checks for accuracy?
Hey I just finished my third edit of an article/tutorial I wrote on setting up RSA keys in OpenSSH and configuring SSHD to be a bit more secure than a fresh out of the box install.
I also removed any derogatories about sudu Linux that might have been there ;)
Anyway, since it's kind of a big deal for anyone who uses it, and could potentially lock them out of their boxes, I'd appreciate any comments related to the accuracy of the instructions, if you don't mind :)
http://bit.ly/setup_ssh
Kindest regards, |
Nice tutorial, found some useful bits. Thanks for sharing.
One thing I'd warn about is to be careful when changing the sshd port in case there's a firewall enabled which blocks non-default ports. It's very easy to lock yourself out of the machine. |
Quote:
I added: Quote:
|
Nice job.
Not a biggie, but you may want to look at Code:
First, joeuser logs on to localbox, and then he creates the RSA key/pair: Code:
The -b flag in the first example sets the length of the keys to 2048 bits and in the second to 1024 bits.
A Trick Learned During a Wasted Youth -- you can, on a user-by-user basis, use a ~/.ssh/config file to set options: on the host named fubar Code:
Host pita
Anyway, nice, nice job. Hope this helps some. |
Hey thanks for the feedback! I went ahead and effected changes to the part about the options used, and opted to explain each one individually to alleviate most confusion that might have occurred.
Also, when doing that, I realized that if I were following along, I would ask the question as to whether RSA or DSA was *better* ;) So I addressed that point by dodging the bullet. Really, people need to make an informed decision on that matter, and considering the work involved to switch, I figure that it's best to send them on their merry way to determine that for themselves. We all have our own take on it and also why, so I felt the reader should too.
And the ~/.ssh/config file. Thanks for that too. I've never done that, and it's good to know. I've always had root and done it that way, but this is much better and I'll be sure to implement it myself here and there in the future. For the article though, I think it's long enough and I don't want people to think they're reading War and Peace - but it's really good info and there is a comment/talkback link and if you're so inclined... ;)
Thanks again for helping me to improve and clarify the tut :)
Kindest regards, |
Might be prudent to mention how to use ssh-agent too.
If memory serves me correctly xfce is the only desktop that starts ssh-agent by default. You'll need at least one key loaded before you can use ssh-copy-id too. |
Quote:
I'll get to that tomorrow, I can hardly keep my eyes open now and the sun's going to come up within an hour or so here LOL. Thanks :) |
I just remembered... the August 2003 issue of Linux Journal had an article by Dennis Allen titled Eleven SSH Tricks; here's a link to it http://www.linuxjournal.com/article/6602.
Might not be useful for purposes of your article but he does discuss some pretty useful means and methods (and I think that's where I got on to ~/.ssh/config). Hope this helps some. |
I also wrote a bit of a mini-howto here.
http://www.linuxquestions.org/questi...7/#post3762345 Might help a little. |
Here is an odd ssh trick. Using ControlMaster Auto will reuse the socket if you are ssh'ing to the same host, speeding up new connections to the same host.
Simply create a file $HOME/.ssh/config with these contents: Code:
Host * |
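An added example, not part of the post above: a per-user `~/.ssh/config` that enables the connection sharing described there. The socket path and the 10-minute persistence are assumptions chosen for illustration; the socket is kept under `~/.ssh` rather than a shared directory because sessions opened through it skip authentication.

```sshconfig
# ~/.ssh/config  (added example; the path and timeout below are assumptions)
Host *
    # Reuse an existing master connection to the same host if one is
    # running; otherwise this connection becomes the master.
    ControlMaster auto

    # Where the control socket lives. %r = remote user, %h = host, %p = port,
    # so each user/host/port combination gets its own socket.
    # Keep this inside a directory only you can enter (chmod 700 ~/.ssh):
    # a process running as you, or root on this client, can open new
    # sessions through the socket without authenticating again.
    ControlPath ~/.ssh/cm-%r@%h:%p

    # Keep the master alive in the background for 10 minutes after the
    # last session closes, then drop the authenticated connection.
    ControlPersist 10m
```

`ssh -O check <host>` reports whether a master connection is running for that host, and `ssh -O exit <host>` closes it.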
=-=-=-
"... Let's restart sshd:
root@remotebox:~# vim /etc/rc.d/rc.sshd restart
-=-=-=-=-=-==-
You probably want to omit the 'vim' command. As written, one will open rc.sshd in a vim session, then a new file titled 'restart'.
I make a lot of similar copy/paste mistakes. I'll look at the same mistake all day and not notice it. I think it's a good idea to ask the Slackware forum to help out with proofreading. Perhaps we could start a sub-forum dedicated to proofreading? Then we can train ourselves to get the LQ stamp of approval before release.
Good thread! |