Comments on: Installing and Configuring an SSH Server http://www.nixtutor.com/linux/installing-and-configuring-an-ssh-server/ Helping you Learn Linux Sun, 14 Feb 2010 17:54:13 +0000 http://wordpress.org/?v=2.9.1 hourly 1 By: Yang http://www.nixtutor.com/linux/installing-and-configuring-an-ssh-server/comment-page-1/#comment-861 Yang Mon, 07 Sep 2009 03:42:40 +0000 http://www.nixtutor.com/?p=828#comment-861 That's absolutely some great security tips in here. I'm going to give the port knocking a try because it seems like a cool idea to keep out port scans. Also I'm thinking about allowing only 1 ip to have access to my server as I have a fixed IP from my home PC. I figure I can do it with hosts.deny/allow except I can't find them on my server. Does that come with denyhosts the failure logins detector package? I don't quite like the idea of private/public key authentication because what if I lost my keys(the files containing the keys) and I have prohibited authentication by password? How am I supposed to reach into my server and get things back? That’s absolutely some great security tips in here. I’m going to give the port knocking a try because it seems like a cool idea to keep out port scans. Also I’m thinking about allowing only 1 ip to have access to my server as I have a fixed IP from my home PC. I figure I can do it with hosts.deny/allow except I can’t find them on my server. Does that come with denyhosts the failure logins detector package?

I don’t quite like the idea of private/public key authentication because what if I lost my keys(the files containing the keys) and I have prohibited authentication by password? How am I supposed to reach into my server and get things back?

]]> By: Eric Wendelin http://www.nixtutor.com/linux/installing-and-configuring-an-ssh-server/comment-page-1/#comment-471 Eric Wendelin Fri, 26 Jun 2009 00:48:36 +0000 http://www.nixtutor.com/?p=828#comment-471 Just setup my SSH server with this post. Very helpful! You can personalize the MOTD by: figlet "message" > /etc/motd Just setup my SSH server with this post. Very helpful!

You can personalize the MOTD by:
figlet “message” > /etc/motd

]]> By: Harel Malka http://www.nixtutor.com/linux/installing-and-configuring-an-ssh-server/comment-page-1/#comment-318 Harel Malka Fri, 05 Jun 2009 09:47:38 +0000 http://www.nixtutor.com/?p=828#comment-318 I usually keep SSH servers running on port 443 when its free (i.e., when not serving https). That's obscurity in obscurity, and its web-filter/firewall proof ensuring you can ssh into your box even when in very restrictive environments. Harel I usually keep SSH servers running on port 443 when its free (i.e., when not serving https). That’s obscurity in obscurity, and its web-filter/firewall proof ensuring you can ssh into your box even when in very restrictive environments.
Harel

]]> By: Mark Sanborn http://www.nixtutor.com/linux/installing-and-configuring-an-ssh-server/comment-page-1/#comment-314 Mark Sanborn Thu, 04 Jun 2009 16:09:03 +0000 http://www.nixtutor.com/?p=828#comment-314 @Ross 1. Ahh, yes to restart SSH on a debian based system you use: 'sudo /etc/init.d/ssh restart' For BSD type init systems like ones found in Arch Linux use, '/etc/rc.d/ssh restart' I will add these to the post. 2. Opps, I'll add this as well 3. Yeah, usually I do, Thanks for the input :) @Ross
1. Ahh, yes to restart SSH on a debian based system you use: ’sudo /etc/init.d/ssh restart’ For BSD type init systems like ones found in Arch Linux use, ‘/etc/rc.d/ssh restart’

I will add these to the post.

2. Opps, I’ll add this as well

3. Yeah, usually I do,

Thanks for the input :)

]]> By: The Dozy Kraut http://www.nixtutor.com/linux/installing-and-configuring-an-ssh-server/comment-page-1/#comment-310 The Dozy Kraut Wed, 03 Jun 2009 16:27:38 +0000 http://www.nixtutor.com/?p=828#comment-310 If I remember correctly the RSA key-length defaults to 2048 which some consider inadequate in the face of GPU assisted cracks. You can set the length with -b switch in keygen. 4096 is a fairly good length until NVIDIA comes up with even faster GPUs. It is also a good idea to disable password authentication altogether and eschew PAM (it has the nasty habit of keeping password login active, overriding sshd settings) If I remember correctly the RSA key-length defaults to 2048 which some consider inadequate in the face of GPU assisted cracks. You can set the length with -b switch in keygen. 4096 is a fairly good length until NVIDIA comes up with even faster GPUs.

It is also a good idea to disable password authentication altogether and eschew PAM (it has the nasty habit of keeping password login active, overriding sshd settings)

]]> By: Ross http://www.nixtutor.com/linux/installing-and-configuring-an-ssh-server/comment-page-1/#comment-309 Ross Wed, 03 Jun 2009 15:14:56 +0000 http://www.nixtutor.com/?p=828#comment-309 Good, stuff, couple suggestions. 1. Mention restarting ssh after configuration changes 'sudo /etc/init.d/ssh restart' As I think its necessary to reflect changes, I could be wrong. 2. You mention changing motd but don't tell how. 3. You could use apt:urls for packages Good post Good, stuff, couple suggestions.

1. Mention restarting ssh after configuration changes
’sudo /etc/init.d/ssh restart’ As I think its necessary to reflect changes, I could be wrong.

2. You mention changing motd but don’t tell how.

3. You could use apt:urls for packages

Good post

]]>