[[ssh]]
Trace:
Show page
AdminRecent ChangesSitemap

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
ssh [2009/05/25 00:35]
127.0.0.1 external edit 		ssh [2016/08/04 09:37] (current)
zagi [other SSH stuff]
Line 3: Line 3:
 Links: Links:
    * [[http://www.howtoforge.com/chrooted-ssh-sftp-tutorial-debian-lenny|Chrooted SSH/SFTP Tutorial (Debian Lenny) ]]    * [[http://www.howtoforge.com/chrooted-ssh-sftp-tutorial-debian-lenny|Chrooted SSH/SFTP Tutorial (Debian Lenny) ]]
 +   * [[http://wiki.centos.org/HowTos/Network/SecuringSSH|Securing SSH (CentOS wiki)]]
  
 ===== banner in ssh ===== ===== banner in ssh =====
Line 15: Line 16:
    * All accesses to this service are logged.  *    * All accesses to this service are logged.  *
    *********************************************    *********************************************
 +
 +http://techgurulive.com/2008/09/15/how-to-protect-ssh-from-multiple-and-parallel-coordinated-attacks/
  
  
Line 35: Line 38:
 done done
 </code> </code>
 +
 +===== How to Fix Offering key in ~/.ssh/known_hosts =====
 +# ssh -o 'StrictHostKeyChecking no' user@host
 +
 +==== Remove the offending ssh key ====
 +<code>
 +@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
 +@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
 +@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
 +IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
 +Someone could be eavesdropping on you right now (man-in-the-middle attack)!
 +It is also possible that the RSA host key has just been changed.
 +The fingerprint for the RSA key sent by the remote host is
 +a7:a8:f2:97:94:33:58:b7:9d:bc:e0:a6:6b:f7:0a:29.
 +Please contact your system administrator.
 +Add correct host key in /home/ramesh/.ssh/known_hosts to get rid of this message.
 +Offending key in /home/ramesh/.ssh/known_hosts: 6
 +Permission denied (publickey,password).
 +</code>
 +
 +   # sed -i '6d' ~/.ssh/known_hosts
 +
 +<note important>**Note**: Change the **6d** according to the line number shown.</note>
 +
 +**Perl solution**: 
 +   # perl -pi -e 's/\Q$_// if ($. == 6);' ~/.ssh/known_hosts
 +
  
 ====== How to harden your sshd ====== ====== How to harden your sshd ======
Line 128: Line 158:
  
 This document is free; you can redistribute it and/or modify it under the terms of the GNU GPL, see http://www.gnu.org/copyleft/gpl.html .  There is NO WARRANTY. This document is free; you can redistribute it and/or modify it under the terms of the GNU GPL, see http://www.gnu.org/copyleft/gpl.html .  There is NO WARRANTY.
 +
  
 ===== Fail2Ban ==== ===== Fail2Ban ====
Line 134: Line 165:
       action = %(action_mw)s\\       action = %(action_mw)s\\
  
 +
 +===== other SSH stuff ======
 +
 +use EF DSCP in ssh:
 +
 +  ~/.ssh/config
 +  IPQoS ef
 +  
 +use jump host
 +
 +  ~/.ssh/config
 +  Host finalhost
 +  HostName finalhost
 +  User userfinal
 +  ProxyCommand ssh proxyuser@proxyhost nc %h %p
 +
 +then one can simply type
 +
 +  ssh finalhost 
 +to ssh via proxyhost to final destination host
 +
 +
 +using same options for multiple hosts in same domain
 +
 +   Host switch* router* myrouter* cmts*
 +
 +no need to type FQDN for switch-somethingsomething
ssh.1243204502.txt.gz ยท Last modified: 2009/07/23 15:33 (external edit)
Show pageOld revisions
Media ManagerBack to top
CC Attribution-Share Alike 4.0 International
Driven by DokuWiki Recent changes RSS feed Valid CSS Valid XHTML 1.0 ipv6 ready