Differences
This shows you the differences between two versions of the page.
ssh [2009/03/26 10:49] a wtf?! |
ssh [2016/08/04 09:37] zagi [other SSH stuff] |
||
---|---|---|---|
Line 3: | Line 3: | ||
Links: | Links: | ||
* [[http:// | * [[http:// | ||
+ | * [[http:// | ||
===== banner in ssh ===== | ===== banner in ssh ===== | ||
Line 15: | Line 16: | ||
* All accesses to this service are logged. | * All accesses to this service are logged. | ||
| | ||
+ | |||
+ | http:// | ||
Line 35: | Line 38: | ||
done | done | ||
</ | </ | ||
+ | |||
+ | ===== How to Fix Offering key in ~/ | ||
+ | # ssh -o ' | ||
+ | |||
+ | ==== Remove the offending ssh key ==== | ||
+ | < | ||
+ | @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ | ||
+ | @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! | ||
+ | @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ | ||
+ | IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! | ||
+ | Someone could be eavesdropping on you right now (man-in-the-middle attack)! | ||
+ | It is also possible that the RSA host key has just been changed. | ||
+ | The fingerprint for the RSA key sent by the remote host is | ||
+ | a7: | ||
+ | Please contact your system administrator. | ||
+ | Add correct host key in / | ||
+ | Offending key in / | ||
+ | Permission denied (publickey, | ||
+ | </ | ||
+ | |||
+ | # sed -i ' | ||
+ | |||
+ | <note important> | ||
+ | |||
+ | **Perl solution**: | ||
+ | # perl -pi -e ' | ||
+ | |||
====== How to harden your sshd ====== | ====== How to harden your sshd ====== | ||
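Review bot: the added "Remove the offending ssh key" steps go from the quoted REMOTE HOST IDENTIFICATION HAS CHANGED output directly to the sed and perl one-liners, and the visible text has no step that checks the new RSA fingerprint against a value obtained out of band (from the server's administrator or its console) before the old entry is deleted. The warning itself names a man-in-the-middle as one possible cause, so the section should tell the reader to confirm the fingerprint first and only then remove the entry. For the removal, `ssh-keygen -R <hostname>` is worth listing beside sed and perl, since it removes by host name, covers hashed known_hosts entries and leaves a known_hosts.old backup. The section heading also reads "Offering key" while the quoted ssh output says "Offending key"; the heading probably wants the same word.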
Line 128: | Line 158: | ||
This document is free; you can redistribute it and/or modify it under the terms of the GNU GPL, see http:// | This document is free; you can redistribute it and/or modify it under the terms of the GNU GPL, see http:// | ||
+ | |||
+ | |||
+ | ===== Fail2Ban ==== | ||
+ | / | ||
+ | \\ | ||
+ | action = %(action_mw)s\\ | ||
+ | |||
+ | |||
+ | ===== other SSH stuff ====== | ||
+ | |||
+ | use EF DSCP in ssh: | ||
+ | |||
+ | ~/ | ||
+ | IPQoS ef | ||
+ | | ||
+ | use jump host | ||
+ | |||
+ | ~/ | ||
+ | Host finalhost | ||
+ | HostName finalhost | ||
+ | User userfinal | ||
+ | ProxyCommand ssh proxyuser@proxyhost nc %h %p | ||
+ | |||
+ | then one can simply type | ||
+ | |||
+ | ssh finalhost | ||
+ | to ssh via proxyhost to final destination host | ||
+ | |||
+ | |||
+ | using same options for multiple hosts in same domain | ||
+ | |||
+ | Host switch* router* myrouter* cmts* | ||
+ | |||
+ | no need to type FQDN for switch-somethingsomething |
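Review bot: in the jump-host block, `ProxyCommand ssh proxyuser@proxyhost nc %h %p` depends on nc being installed on proxyhost; `ProxyCommand ssh -W %h:%p proxyuser@proxyhost` gives the same result using ssh's own stdio forwarding, with no helper binary needed on the jump host. In the same hunk the two new headings have unbalanced markers (`===== Fail2Ban ====` and `===== other SSH stuff ======`). The `Host switch* router* myrouter* cmts*` line has no option lines under it, so the closing claim "no need to type FQDN" is not backed by the config as shown; add the options that block is meant to carry.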