Posts with the tag SSH

Local SOCKS-5 Proxy by only connecting via SSH

http://daniel.molkentin.de/blog/archives/96-SOCKS-Proxy-via-SSH.html

ssh -D 8080 someuser@somecomputertouseasgateway

Then set up the browser on this machine to use localhost:8080 as its SOCKS proxy.

...


DenyHosts

http://denyhosts.sourceforge.net/
http://www.heise.de/security/artikel/SSH-vor-Brute-Force-Angriffen-schuetzen-270140.html

DenyHosts can help keep unwanted guests out of your SSH server.

/etc/hosts.deny:

#
# /etc/hosts.deny
#

ALL: ALL: DENY

# End of file

/etc/hosts.allow:

#
# /etc/hosts.allow
#

sshd: ALL EXCEPT /etc/hosts.evil

# End of file
...


ssh Shortcuts using .ssh/config

To create an SSH shortcut, add the following text (adapted to your setup) to .ssh/config:

# You can add multiple blocks like this to your .ssh/config
Host rudolf
Hostname rudolf-web.net
Port 22
User rudolf
Protocol 2
Compression yes
ServerAliveInterval 15
ForwardX11 no
#LocalForward 20001 8.8.8.8:80

To connect to that host via ssh you can now simply type the following...


Set up a Unix User Account with SFTP Access but no other Rights (such as Shell Access)

An easier solution, which only requires setting one line in the configuration of the SSH daemon, can be found in the blog post Chroot SFTP users.

http://forum.ubuntuusers.de/post/1884322/
http://manpages.ubuntu.com/manpages/karmic/man1/scponly.1.
http://wiki.ubuntuusers.de/scponly
http://sublimation.org/scponly/wiki/index.php/Main_Page

sudo aptitude install scponly

configuration:

sudo -s
cd /usr/share/doc/scponly/setup_chroot
gunzip setup_chroot.sh.gz
chmod +x setup_chroot.sh
./setup_chroot.sh

this adds the user etc...

sudo...


SSH Welcome Banner

To warn unauthorized users logging in via SSH, you can add an SSH banner.

echo "Banner /etc/issue.net" | sudo tee -a /etc/ssh/sshd_config > /dev/null
cat << EOF | sudo tee /etc/issue.net
***************************************************************************
          ...


Analyse illegal SSH login attempts

Filter the authentication log file for failed authentications and count the attempts (lines in the log file):

grep -i fail /var/log/auth.log | wc -l

Check for all attacks with non-existent usernames:

grep -i "Failed password for invalid user" /var/log/auth.log | cut -d " "...


Forbid root Login via SSH

Edit the configuration file of the SSH daemon:

sudo gedit /etc/ssh/sshd_config

Change the line containing PermitRootLogin yes to PermitRootLogin no, save the file and restart the SSH server.

sudo /etc/init.d/ssh restart
...


Set Up Public/Private Key Authentication for SSH to Connect from Laptop ↔ Desktop Without a Password Prompt

Make sure that both Linux/Unix computers have a public key at ~/.ssh/id_rsa.pub. If it is not there yet, run:

ssh-keygen -t rsa -b 4096

The desktop should be able to connect to the laptop without a password (we work on the desktop here):

scp ~/.ssh/id_rsa.pub philipp@laptop:~/tmp-key.pub
ssh philipp@laptop
cat...


Organize Keyfiles – using Seahorse

Seahorse organizes your SSH keys and is a frontend for GNU Privacy Guard (GPG)!

If you're using KDE

You should use KGPG

...
