[colug-432] SSH
Richard Holbert
holbert.13 at osu.edu
Thu Mar 10 09:11:41 EST 2011
On 03/10/2011 08:51 AM, R P Herrold wrote:
> On Wed, 9 Mar 2011, Richard Troth wrote:
>
>> port. I hate it. There are other ways to defend. I may use one or
>> more of them in the future (eg: maybe port knocking).
> I find less cumbersome and better: fail2ban
> which permits adding 'whitelist ranges' so that one does not
> lock oneself out
>
> and moving to certificate based authentication _only_ as to
> external network access, totally disabling password based
> access. See a hardening outline I wrote at:
> http://www.pmman.com/usage/hardening/
>
> I still need to write the last piece about the management of
> the ssh_config file:
> ~/.ssh/config
> but it solves almost all remaining secure authentication needs
>
> -- Russ herrold

Here's a sample of a simplified ~/.ssh/config file:

Host hogwarts
    HostName hogwarts.mom.uk
    Port 7777
    User harry.potter

Host home
    HostName shire.dyndns.org
    Port 443

With this in place, you do not have to specify nonstandard port numbers
or different usernames. It also creates an alias for the remote host
name that can also be used with commands like scp and rsync. See the man
page for ssh_config for more settings.
Rick
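
An added example, not part of the original message: a simplified Python resolver showing how an alias from the sample file turns into effective connection settings, using the ssh_config rule that the first value obtained for each keyword wins. The "Host *" defaults block is an assumption added for illustration; negated patterns, Match blocks and "keyword=value" syntax are not handled.

```python
import fnmatch

# Constructed sample: the two Host blocks from the message above, plus an
# assumed "Host *" block of defaults (not in the original message).
SAMPLE_CONFIG = """\
Host hogwarts
    HostName hogwarts.mom.uk
    Port 7777
    User harry.potter

Host home
    HostName shire.dyndns.org
    Port 443

Host *
    Port 22
    IdentitiesOnly yes
    PasswordAuthentication no
"""


def parse_blocks(text):
    """Return [(patterns, [(keyword, value), ...]), ...] in file order."""
    # Options that appear before the first Host line apply to every host.
    blocks = [(["*"], [])]
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue  # blank line, comment, or keyword without a value
        keyword, value = parts[0].lower(), parts[1].strip()
        if keyword == "host":
            blocks.append((value.split(), []))
        else:
            blocks[-1][1].append((keyword, value))
    return blocks


def resolve(alias, text=SAMPLE_CONFIG):
    """Effective settings for alias; the first value seen for a keyword wins."""
    settings = {}
    for patterns, options in parse_blocks(text):
        if any(fnmatch.fnmatchcase(alias, p) for p in patterns):
            for keyword, value in options:
                settings.setdefault(keyword, value)  # later blocks never override
    settings.setdefault("hostname", alias)  # no HostName: alias is the real host
    return settings
```

Because earlier values win, general defaults such as "Host *" belong at the end of the file. On a system with a recent OpenSSH client, `ssh -G hogwarts` prints the settings that ssh itself resolves.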