gnewsense-users

Re: [gNewSense-users] SSH: HostKey vs. AuthorizedKeysFile


From: Karl Goetz
Subject: Re: [gNewSense-users] SSH: HostKey vs. AuthorizedKeysFile
Date: Thu, 29 Mar 2012 21:12:10 +1100

On Tue, 27 Mar 2012 21:19:53 +0200
address@hidden (Michał Masłowski) wrote:

> > This guide [1] recommends to change ListenAddress to 192.168.0.1 and
> > Port to 666. (I want to use another port (and another address). Does
> > it matter? 666 is used by Doom. [2])
> 
> It's ok if you don't use Doom or other services on port 666 and your
> firewall/ISP doesn't prevent you from connecting to it.  For correctly
> configured sshd, changing port should just lower the amount of login
> attempts by bots, it's practically impossible for them to succeed when
> only public key authentication is enabled (and they don't know your
> private key and you haven't used a bad random number generator to make
> the key pair).

I'd also suggest installing 'fail2ban'. Works out of the box with SSH,
helps prevent dictionary attacks and can be configured to work with
dozens of other services.

> > How to use SSH with a non-standard port? Will it be something like
> > this: ssh -i ~/.ssh/id_rsa <server's ip>:<new port number>?

You used -i earlier as well. If you only have one key for your user,
ssh will pick the correct one by default. No need to specify.

> > Is there a need for a username@ prefix before the server's ip (I
> > changed PermitRootLogin to no)?

If you log in with the same username on both hosts, you can leave it.

> I have this fragment in ~/.ssh/config:
> 
> Host parabola
>      Port 1863
>      HostName repo.parabolagnulinux.org
>      User repo
>      IdentityFile ~/.ssh/id_rsa
> 
> If I don't specify the username@ prefix when connecting to parabola,
> it will connect as user "repo" (by default the local user name is
> used).

Using .ssh/config is good advice, and I'd definitely suggest you try it
out. I've got ~15 different Host entries, some of which contain
wildcards (e.g. *.gnewsense.org). Helps if any defaults need setting, or
if you want to use rsync over ssh.
thanks,
kk

-- 
Karl Goetz, (Kamping_Kaiser / VK7FOSS)
http://www.kgoetz.id.au
No, I won't join your social networking group
*** I've changed GPG key to 6C097260 ***
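Added illustration for this thread (not code from either poster): how ssh picks options from a ~/.ssh/config like the fragment quoted above, including a wildcard entry such as *.gnewsense.org and ssh's rule that the first value obtained for a keyword wins. The config text, host names and user names below are constructed for the example.

```python
import re

# Constructed ~/.ssh/config: the "parabola" entry from the thread, a
# wildcard entry, and a catch-all "Host *" placed LAST so it only fills
# in options the earlier entries left unset.
SAMPLE_CONFIG = """\
Host parabola
     Port 1863
     HostName repo.parabolagnulinux.org
     User repo
     IdentityFile ~/.ssh/id_rsa

Host *.gnewsense.org
     User kk
     Port 666

Host *
     User localuser
     Port 22
"""


def _pattern_to_regex(pattern):
    """ssh_config(5) patterns know only '*' and '?' as wildcards."""
    body = "".join({"*": ".*", "?": "."}.get(c, re.escape(c)) for c in pattern)
    return re.compile("^" + body + "$")


def host_matches(patterns, host):
    """Comma-separated pattern list; a leading '!' negates the entry."""
    matched = False
    for pat in patterns.split(","):
        if pat.startswith("!"):
            if _pattern_to_regex(pat[1:]).match(host):
                return False
        elif _pattern_to_regex(pat).match(host):
            matched = True
    return matched


def resolve(config_text, host):
    """Effective options for `host`: the FIRST value seen per keyword wins,
    so a generic entry only takes effect for keywords not set earlier."""
    options = {}
    active = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "host":
            active = host_matches(value, host)
        elif active:
            options.setdefault(keyword, value)
    options.setdefault("hostname", host)  # no HostName: alias is the host
    return options
```

With the catch-all entry moved to the top, its Port 22 would silently override the 1863 of the specific entry, which is the usual reason a Host entry "does not work".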
