sshd config - WAS Secure entry into remote systems

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Scot L. Harris wrote: 
On Wed, 2004-05-19 at 00:59, Edward wrote:

I have several servers installed at customer's premises. I used to simply run out there to fix any slight problems or update mail white lists etc.

However, with a few customers more than 1.5 hours drive away, I need to look at remote administration. Especially for simply adding few users to a spamassassin white list or the like, which really only are 10 minute jobs.

So, I was thinking about setting up dyndns or no-ip addresses for these servers, then opening up the firewall for either ssh or VPN. None of my customers have a static internet address.


In your place I would setup ssh. The thing you need to make sure of is
if you are using password authentication that all your passwords are
good ones. I believe you may want to lock down ssh to specific known
hosts and keys. Even if you need to administer multiple systems
remotely use one to ssh to and then ssh from that one to the others. Also disable roots use of ssh so no one can go straight in as root. Means you will login as a normal user then su to root as needed.

Over those dialup lines you are not going to be doing any X-windows
forwarding or other GUI tricks, but command line should be fine.


OK, I need some more clarification here please. After reading all the suggestions, I'd like to set up shared key authentication.

After reading mountains of stuff on the internet, I can't get this to work.

The client is PuTty if that makes a difference.

1> Used PuTtygen.exe to create a key pair with a pass phrase.
2> saved both keys into a folder on the client PC.
3> Copied the PUBLIC key to $HOME/.ssh/authorized_keys on the ssh server (FC1 with all updates).
4> Modified sshd.conf to disallow text passwords, disallow root log ins, and to accept key pair authentication using challenge response.
5> Restarted sshd (ofcourse :) )
6> Started putty, loading up the private key from the local hard drive

It asks for my user name, which I fill in.

At this point from what I understand and from the reading I've done, it's SUPPOSED to ask me my pass phrase. However, it asks for a password instead, which, ofcourse, fails because I've disallowed password authentication.

7> Just to make sure I didn't misunderstand the location of authorized_keys, I copied it to ~/.ssh and /.ssh as well and re-did steps above from 5>

I just can't get it to work. What am I missing?

Regards,
Ed.



[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux