Differences

This shows you the differences between two versions of the page.

ssh [2009/03/19 12:34]
a ssh chroot solution
ssh [2015/10/30 14:52]
zagi [other]
Line 3: Line 3:
 Links: Links:
    * [[http://www.howtoforge.com/chrooted-ssh-sftp-tutorial-debian-lenny|Chrooted SSH/SFTP Tutorial (Debian Lenny) ]]    * [[http://www.howtoforge.com/chrooted-ssh-sftp-tutorial-debian-lenny|Chrooted SSH/SFTP Tutorial (Debian Lenny) ]]
 +   * [[http://wiki.centos.org/HowTos/Network/SecuringSSH|Securing SSH (CentOS wiki)]]
  
 ===== banner in ssh ===== ===== banner in ssh =====
Line 16: Line 17:
    *********************************************    *********************************************
  
-===== Creating SSH key =====+http://techgurulive.com/2008/09/15/how-to-protect-ssh-from-multiple-and-parallel-coordinated-attacks/
  
-**DSA key**+ 
 + 
 +===== SSH and working with keys ===== 
 + 
 +create your key
    ssh-keygen -t dsa    ssh-keygen -t dsa
  
 +copy your new key out to all the servers, and make ssh use it.
 +the mkdir below may fail if the directory exists, ignore the error its harmless
 +<code bash|>
 +for i in $(cat servers) ; do
 +echo SERVER=$;
 +scp ~/.ssh/id_dsa.pub $i
 +ssh $i "mkdir .ssh ;
 +chmod 700 .ssh ;
 +cat ~/id_dsa.pub >> ~/.ssh/authorized_keys ;
 +chmod 644 /.ssh/authorized_keys;"
 +done
 +</code>
 +
 +===== How to Fix Offering key in ~/.ssh/known_hosts =====
 +# ssh -o 'StrictHostKeyChecking no' user@host
 +
 +==== Remove the offending ssh key ====
 +<code>
 +@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
 +@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
 +@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
 +IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
 +Someone could be eavesdropping on you right now (man-in-the-middle attack)!
 +It is also possible that the RSA host key has just been changed.
 +The fingerprint for the RSA key sent by the remote host is
 +a7:a8:f2:97:94:33:58:b7:9d:bc:e0:a6:6b:f7:0a:29.
 +Please contact your system administrator.
 +Add correct host key in /home/ramesh/.ssh/known_hosts to get rid of this message.
 +Offending key in /home/ramesh/.ssh/known_hosts: 6
 +Permission denied (publickey,password).
 +</code>
 +
 +   # sed -i '6d' ~/.ssh/known_hosts
 +
 +<note important>**Note**: Change the **6d** according to the line number shown.</note>
 +
 +**Perl solution**: 
 +   # perl -pi -e 's/\Q$_// if ($. == 6);' ~/.ssh/known_hosts
  
  
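Review bot: The `ssh -o 'StrictHostKeyChecking no' user@host` line under "How to Fix Offering key" switches off the host key check that raises the warning quoted right below it, so the connection proceeds without anyone looking at the changed key. Drop that line, tell the reader to confirm the new fingerprint with the server's administrator first, and then remove the stale entry with `ssh-keygen -R host` rather than deleting by line number with sed or perl. The heading also says "Offering" where the quoted message says "Offending". In the key-copy loop, `echo SERVER=$;` is missing the `i`, `scp ~/.ssh/id_dsa.pub $i` has no trailing colon and so writes a local file named after the server instead of copying to it, and `chmod 644 /.ssh/authorized_keys` is missing the `~`; `ssh-copy-id -i ~/.ssh/id_dsa.pub $i` would replace the whole loop body, or at least use `mkdir -p` so the "ignore the error" remark can go. For `ssh-keygen -t dsa`, OpenSSH 7.0 disabled ssh-dss keys by default, so the example should use `-t rsa` or `-t ed25519`.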
Line 115: Line 158:
  
 This document is free; you can redistribute it and/or modify it under the terms of the GNU GPL, see http://www.gnu.org/copyleft/gpl.html .  There is NO WARRANTY. This document is free; you can redistribute it and/or modify it under the terms of the GNU GPL, see http://www.gnu.org/copyleft/gpl.html .  There is NO WARRANTY.
 +
 +
 +===== Fail2Ban ====
 +  /etc/fail2ban/jail.conf\\
 +\\
 +      action = %(action_mw)s\\
 +
 +
 +===== other SSH stuff ======
 +
 +use EF DSCP in ssh:
 +
 +  ~/.ssh/config
 +  IPQoS ef
 +  
 +use jump host
 +
 +  ~/.ssh/config
 +  Host finalhost
 +  HostName finalhost
 +  User userfinal
 +  ProxyCommand ssh proxyuser@proxyhost nc %h %p
 +
 +then one can simply type
 +
 +  ssh finalhost 
 +to ssh via proxyhost to final destination host
 +  
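Review bot: The jump-host entry `ProxyCommand ssh proxyuser@proxyhost nc %h %p` only works when nc is installed on proxyhost; `ProxyCommand ssh -W %h:%p proxyuser@proxyhost` uses ssh's own forwarding and needs nothing extra on the proxy. In the Fail2Ban block, say what `action = %(action_mw)s` changes (ban plus a mail with whois output) and put the override in /etc/fail2ban/jail.local, since jail.conf is replaced on package upgrades. Both new headings have unbalanced `=` markers (`===== Fail2Ban ====` and `===== other SSH stuff ======`).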
ssh.txt · Last modified: 2016/08/04 09:37 by zagi
CC Attribution-Share Alike 4.0 International