Posts with the tag SSH

Local SOCKS-5 Proxy by only connecting via SSH

ssh -D 8080 someuser@somecomputertouseasgateway

Then set up the browser on this machine to use localhost:8080 as its SOCKS proxy.




DenyHosts can help keep unwanted guests out of your SSH server.


# /etc/hosts.deny


# End of file


# /etc/hosts.allow

sshd: ALL EXCEPT /etc/hosts.evil

# End of file


ssh Shortcuts using .ssh/config

To create an SSH shortcut, add the following text (adapted to your setup) to .ssh/config:

# You can add multiple blocks like this to your .ssh/config
Host rudolf
Port 22
User rudolf
Protocol 2
Compression yes
ServerAliveInterval 15
ForwardX11 no
#LocalForward 20001

To connect to that host via ssh you can now simply type the following...


Set up a Unix User Account with SFTP Access but no other Rights (such as Shell Access)

An easier solution, which only requires setting one line in the configuration of the SSH daemon, can be found in the blog post Chroot SFTP users.

sudo aptitude install scponly


sudo -s
cd /usr/share/doc/scponly/setup_chroot
chmod +x

this adds the user etc...



SSH Welcome Banner

To warn unauthorized users logging in via SSH, you can add an SSH banner.

echo "Banner /etc/" | sudo tee -a /etc/ssh/sshd_config > /dev/null
cat << EOF | sudo tee /etc/


Analyse illegal SSH login attempts

Filter the authentication log file for failed authentications and count the attempts (lines in the log file):

grep -i fail /var/log/auth.log | wc -l

Check for all attacks with non-existent usernames:

grep -i "Failed password for invalid user" /var/log/auth.log | cut -d " "...
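An added example (not code from the original post) that counts failed password attempts per source address or per user name. It locates the trailing "from <ip> port <n>" from the end of the line, because the user name is supplied by the client and may contain spaces, which breaks fixed-position cut. The function names and the sample log lines are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample in auth.log format (addresses from documentation ranges).
sample_log() {
cat <<'EOF'
Jan 10 03:12:45 host sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Jan 10 03:12:47 host sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 51236 ssh2
Jan 10 03:12:50 host sshd[1235]: Failed password for root from 203.0.113.5 port 51240 ssh2
Jan 10 03:13:01 host sshd[1240]: Accepted publickey for philipp from 192.0.2.10 port 40000 ssh2
Jan 10 03:13:09 host sshd[1250]: Failed password for invalid user a from b from 198.51.100.7 port 40022 ssh2
EOF
}

# failed_logins KIND: reads auth.log lines on stdin and prints "count key",
# highest count first. KIND is "ip", "invalid" (non-existent users) or "valid".
failed_logins() {
  awk -v kind="$1" '
    /sshd\[[0-9]+\]: Failed password for / {
      # Find "from <ip> port <n>" scanning backwards from the end of the line.
      f = 0
      for (i = NF - 2; i > 0; i--)
        if ($i == "from" && $(i + 2) == "port") { f = i; break }
      if (!f) next
      # The user name starts after "for", or after "for invalid user".
      for (s = 1; s <= NF; s++) if ($s == "for") break
      invalid = ($(s + 1) == "invalid" && $(s + 2) == "user")
      s += invalid ? 3 : 1
      user = ""
      for (j = s; j < f; j++) user = user (j > s ? " " : "") $j
      if (kind == "ip") n[$(f + 1)]++
      else if (kind == "invalid" && invalid) n[user]++
      else if (kind == "valid" && !invalid) n[user]++
    }
    END { for (k in n) print n[k], k }
  ' | sort -k1,1nr -k2
}

# Demo on the constructed sample; on a real host use:
#   failed_logins ip < /var/log/auth.log
sample_log | failed_logins ip
```

A high count under "valid" means an existing account is being guessed at, which matters more than noise against non-existent names.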


Forbid root Login via SSH

Edit the configuration file of the SSH daemon:

sudo gedit /etc/ssh/sshd_config

Change the line containing PermitRootLogin yes to PermitRootLogin no, save the file and restart the SSH server.

sudo /etc/init.d/ssh restart


Set Up Public/Private Key Authentication for SSH to Connect from Laptop ↔ Desktop Without a Password Prompt

On both Linux/Unix computers you have to make sure they have a public key ~/.ssh/. If it is not there yet, run:

ssh-keygen -t rsa -b 4096

The desktop should be able to connect to the laptop without a password (we work on the desktop here):

scp ~/.ssh/ philipp@laptop:~/
ssh philipp@laptop


Organize Keyfiles – using Seahorse

Seahorse organizes your SSH keys and is a frontend for GNU Privacy Guard (GPG)!

If you're using KDE

You should use KGPG

