public inbox for gentoo-user@lists.gentoo.org
* [gentoo-user] SSH + Keys
From: Timothy A. Holmes @ 2006-03-08 14:31 UTC
  To: gentoo-user

Good Morning Folks:

I have been doing some reading over the last day or two about a SSH bot
attack that is occurring in some places.  I will be the first to admit
that I have been a bit lax with my ssh security (allowing root logins
etc).  This problem has inspired me to get things cleaned up, and flying
right again.  I have already modified my ssh config to prevent root
logins via ssh, so that hole is closed.  In talking to a friend
yesterday, he suggested using key based authentication to further
protect my servers, which sounds like a great idea.  The problem is that
I have no idea how to set it up.  A google search turned up the Gentoo
pages on keychain, which does not sound exactly like what he was talking
about (he mentioned a key carried on a JUMP drive (usb stick)) 

I am using gentoo (and fedora (soon to be converted) servers) and PUTTY.
If someone can offer suggestions, or point me in the right direction, I
would be most appreciative.  

Timothy A. Holmes
IT Manager / Network Admin / Web Master / Computer Teacher
 
Medina Christian Academy
A Higher Standard...
 
Jeremiah 33:3
Jeremiah 29:11
Esther 4:14		


-- 
gentoo-user@gentoo.org mailing list



* Re: [gentoo-user] SSH + Keys
From: John Jolet @ 2006-03-08 14:42 UTC
  To: gentoo-user


On Mar 8, 2006, at 8:31 AM, Timothy A. Holmes wrote:

> Good Morning Folks:
>
> I have been doing some reading over the last day or two about a SSH bot
> attack that is occurring in some places.  I will be the first to admit
> that I have been a bit lax with my ssh security (allowing root logins
> etc).  This problem has inspired me to get things cleaned up, and flying
> right again.  I have already modified my ssh config to prevent root
> logins via ssh, so that hole is closed.  In talking to a friend
> yesterday, he suggested using key based authentication to further
> protect my servers, which sounds like a great idea.  The problem is that
> I have no idea how to set it up.  A google search turned up the Gentoo
> pages on keychain, which does not sound exactly like what he was talking
> about (he mentioned a key carried on a JUMP drive (usb stick))
>
> I am using gentoo (and fedora (soon to be converted) servers) and PUTTY.
> If someone can offer suggestions, or point me in the right direction, I
> would be most appreciative.

step one...on the box you'll be connecting FROM, run ssh-keygen -t  
rsa (or dsa).  It will ask you the name of the file to save it to,  
take the default.  Put a passphrase on it.
step two...that created id_dsa.pub (which is what you get if you pick  
dsa above) in your ~/.ssh directory.  copy that id_dsa.pub up to a  
server you want to connect to
step three...since you've turned off root logins, you have a user on  
that box.  copy that id_dsa.pub file into the ~/.ssh/authorized_keys  
file on the target system.  note that if you have to create that  
directory yourself, you'll probably have to remove group-write  
permissions before this will work.
step four...verify that in the target server's sshd_config file,  
PubkeyAuthentication is set to yes

that should allow you to ssh targetservername...you'll be asked for a  
password, but that's to access the key on your LOCAL box.  add a -vv  
and you'll see all kinds of cool stuff.

Note that I also move ssh from port 22 to some other port, and in my
local box, in .ssh, create a file called config.  In that I put:

    Host *
        User john
        Port xxx

this says for all hosts i ssh to, use port 26, and username john at  
the far end.  you can replace the * with individual host names (as  
resolved via dns or hosts file) to have different usernames on  
different boxes and different ports per host.

I've had NO ssh portscans on my boxes since I moved them off of port  
22.  for security's sake, i won't tell you where I moved them to :)
-- 
gentoo-user@gentoo.org mailing list
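
Steps three and four from the message above, scripted for the target server, as an added example that is not part of John Jolet's message. The function names are hypothetical, GNU stat is assumed, and Match blocks in sshd_config are not handled.

```shell
#!/bin/sh
# Added example (not from the thread): install a public key and check the
# server side. Assumes GNU stat; all function names are hypothetical.

# True if the path is not writable by group or others. sshd's StrictModes
# refuses a key when the home directory, ~/.ssh or authorized_keys is.
not_loosely_writable() {
    mode=$(stat -c '%a' "$1") || return 2
    [ $(( 0$mode & 022 )) -eq 0 ]
}

# Step three: append a public key to <home>/.ssh/authorized_keys, once,
# creating the directory and file with owner-only permissions.
install_pubkey() {
    pub=$1 home=$2
    [ -s "$pub" ] || { echo "no public key at $pub" >&2; return 1; }
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    touch "$home/.ssh/authorized_keys" &&
        chmod 600 "$home/.ssh/authorized_keys" || return 1
    # -F fixed string, -x whole line: skip a key that is already installed
    grep -qxF -- "$(cat "$pub")" "$home/.ssh/authorized_keys" ||
        cat "$pub" >> "$home/.ssh/authorized_keys"
}

# Report every path in the chain that sshd would refuse to trust.
check_ssh_perms() {
    rc=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        not_loosely_writable "$p" || { echo "too permissive: $p" >&2; rc=1; }
    done
    return $rc
}

# Step four: the first PubkeyAuthentication line in sshd_config wins, and
# with no such line OpenSSH defaults to yes. Commented-out lines are skipped.
pubkey_auth_enabled() {
    val=$(awk 'tolower($1) == "pubkeyauthentication" { print tolower($2); exit }' "$1")
    [ -z "$val" ] || [ "$val" = "yes" ]
}

# Usage on the server: sh script.sh id_dsa.pub "$HOME"
if [ $# -eq 2 ]; then install_pubkey "$1" "$2" && check_ssh_perms "$2"; fi
```

Running it twice with the same key leaves a single entry in authorized_keys, and check_ssh_perms names the path to fix when the login is refused because of group-write permissions.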



* Re: [gentoo-user] SSH + Keys
From: Nagatoro @ 2006-03-08 15:02 UTC
  To: gentoo-user

John Jolet wrote:
> this says for all hosts i ssh to, use port 26, and username john at the
[...]
> I've had NO ssh portscans on my boxes since I moved them off of port
> 22.  for security's sake, i won't tell you where I moved them to :)

Missed something? :)

-- 
Naga
-- 
gentoo-user@gentoo.org mailing list



* Re: [gentoo-user] SSH + Keys
From: John Jolet @ 2006-03-08 15:06 UTC
  To: gentoo-user


On Mar 8, 2006, at 9:02 AM, Nagatoro wrote:

> John Jolet wrote:
>> this says for all hosts i ssh to, use port 26, and username john at the
> [...]
>> I've had NO ssh portscans on my boxes since I moved them off of port
>> 22.  for security's sake, i won't tell you where I moved them to :)
>
> Missed something? :)
is that a question or statement?  What do you mean?
-- 
gentoo-user@gentoo.org mailing list



* Re: [gentoo-user] SSH + Keys
From: A. Khattri @ 2006-03-08 15:54 UTC
  To: gentoo-user

On Wed, 8 Mar 2006, John Jolet wrote:

> I've had NO ssh portscans on my boxes since I moved them off of port
> 22.  for security's sake, i won't tell you where I moved them to :)

I don't think moving ssh from port 22 will stop portscans but it will stop
brute force attacks directly on port 22.

I prefer to just run denyhosts on my servers instead:

# eix denyhosts
* app-admin/denyhosts
     Available versions:  1.1.2 1.1.2-r1 2.1
     Installed:           2.1
     Homepage:            http://www.denyhosts.net
     Description:         DenyHosts is a utility to help sys admins thwart ssh hackers


Found 1 matches

-- 
gentoo-user@gentoo.org mailing list



* Re: [gentoo-user] SSH + Keys
From: John Jolet @ 2006-03-08 15:57 UTC
  To: gentoo-user


On Mar 8, 2006, at 10:06 AM, Etaoin Shrdlu wrote:

> On Wednesday 08 March 2006 16:06, John Jolet wrote:
>
>> is that a question or statement?  What do you mean?
>
> You said:
>
>>>> I've had NO ssh portscans on my boxes since I moved them off of
>>>> port 22.  for security's sake, i won't tell you where I moved them
>>>> to :)
>
> but at the beginning of your message you said:
>
>>>> this says for all hosts i ssh to, use port 26, and username john
>>>> at the
>
> so, you said that you use port 26 for ssh before saying that you won't
> tell what port you moved ssh to.
>
oops.  well i guess i'll move it again :)
> -- 
> gentoo-user@gentoo.org mailing list
>

-- 
gentoo-user@gentoo.org mailing list



* Re: [gentoo-user] SSH + Keys
From: John Jolet @ 2006-03-08 15:59 UTC
  To: gentoo-user


On Mar 8, 2006, at 9:54 AM, A. Khattri wrote:

> On Wed, 8 Mar 2006, John Jolet wrote:
>
>> I've had NO ssh portscans on my boxes since I moved them off of port
>> 22.  for security's sake, i won't tell you where I moved them to :)
>
> I don't think moving ssh from port 22 will stop portscans but it will stop
> brute force attacks directly on port 22.
>
Perhaps I was unclear.  I haven't seen the large numbers of attempted  
logins with obvious dictionary lists of usernames on ssh since I  
moved it.

I'll have to look into denyhosts...what does it do?  I can't predict
where I might be coming from, as I'm frequently at client locations
and travelling.

> I prefer to just run denyhosts on my servers instead:
>
> # eix denyhosts
> * app-admin/denyhosts
>      Available versions:  1.1.2 1.1.2-r1 2.1
>      Installed:           2.1
>      Homepage:            http://www.denyhosts.net
>      Description:         DenyHosts is a utility to help sys admins thwart ssh hackers
>
>
> Found 1 matches
>
> -- 
> gentoo-user@gentoo.org mailing list
>

-- 
gentoo-user@gentoo.org mailing list



* Re: [gentoo-user] SSH + Keys
From: Etaoin Shrdlu @ 2006-03-08 16:06 UTC
  To: gentoo-user

On Wednesday 08 March 2006 16:06, John Jolet wrote:

> is that a question or statement?  What do you mean?

You said:

> >> I've had NO ssh portscans on my boxes since I moved them off of
> >> port 22.  for security's sake, i won't tell you where I moved them
> >> to :)

but at the beginning of your message you said:

> >> this says for all hosts i ssh to, use port 26, and username john
> >> at the

so, you said that you use port 26 for ssh before saying that you won't 
tell what port you moved ssh to.
-- 
gentoo-user@gentoo.org mailing list


