
Network File Sharing... How-to?


V.T. Eric Layton


securitybreach
10-4. I was just calling to thank you, anyway. I don't have a voice today. I've been battling a sore throat for 5 days now. I'm fighting off some crud, I guess. I'm actually starting to feel better today, though.

 

Anyway, when you get home later you can tell me what the advantages of:

 

1. changing my default port for ssh - security by obscurity, I assume. Right?

 

2. using ssh key pairs rather than passwords - more security so my passwords aren't bouncing all over the neighborhood via my wifi. Right?

 

Thanks again... I have to go set this up in Arch now. I imagine that should be simpler than it was in Slackware... usually is. ;)

 

Later...

1. Well, as far as the port, I use an obscure port for the simple reason that most IP scanners search for common ports like 22 (ssh), 21 (ftp), 139 (netbios), etc. on various servers. It is just another way to keep yourself off the radar.

 

2. Pretty much. I use it as another security as I regularly connect to a remote session (my linode) so it is not just my neighborhood I have to worry about.

http://serverfault.com/questions/203613/is...-authentication

 

No problem!! Also, make sure you are running protocol 2 as protocol 1 was the one that had the vulnerability last year: https://wiki.archlinux.org/index.php/Secure_Shell#Client


V.T. Eric Layton

MattDM's explanation in that first link is excellent. :) I'm running ssh-agent by default, and I see keys generated in my .ssh/known_hosts file, so I'm assuming that my passwords are not being flung around the neighborhood randomly each time I ssh into one of my machines.

 

I'm still trying to figure out how to change my default port. I can change it in /etc/ssh/ssh_config, but then ssh fails (connection denied errors). I'm assuming that my router is blocking the port I've chosen to use. Sound reasonable? How do I fix this? Do I need to FWD the port in the router control panel?

 

I'm such a dim-bulb when it comes to this networking carp. I really have neglected that part of my education. :(


securitybreach
I'm still trying to figure out how to change my default port. I can change it in /etc/ssh/ssh_config, but then ssh fails (connection denied errors). I'm assuming that my router is blocking the port I've chosen to use. Sound reasonable? How do I fix this? Do I need to FWD the port in the router control panel?

 

I'm such a dim-bulb when it comes to this networking carp. I really have neglected that part of my education. :(

That is because you are editing the wrong file. The file /etc/ssh/ssh_config is for the client and /etc/ssh/sshd_config is for the server: https://wiki.archlinux.org/index.php/Secure_Shell#Daemon

 

Change the port in sshd_config, restart sshd and you should be good to go :thumbsup:
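The server-side check implied by the exchange above, as an added example that is not part of the original posts: it parses sshd_config text (the daemon's file, not the client's ssh_config) and reports the effective port, protocol and password settings, using sshd's rule that the first value for a keyword wins. The sample config, port 2222 and the function names are constructed for illustration.

```python
# Added example, not from the thread. SAMPLE_SSHD_CONFIG is constructed;
# port 2222 and all function names are illustrative assumptions.
SAMPLE_SSHD_CONFIG = """\
# /etc/ssh/sshd_config (server side, constructed sample)
Port 2222
Protocol 2
#PasswordAuthentication no
PasswordAuthentication yes
PasswordAuthentication no
Banner /etc/issue
Match User backup
    PasswordAuthentication no
"""

# OpenSSH server defaults used when a keyword never appears.
DEFAULTS = {"port": ["22"], "passwordauthentication": "yes"}

def effective_settings(text):
    """Global sshd settings: keywords are case-insensitive, the first
    value seen wins, and Port may be listed more than once."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank or commented-out line
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            break                         # what follows is conditional
        if key == "port":
            seen.setdefault("port", []).append(value)
        else:
            seen.setdefault(key, value)   # later duplicates are ignored
    return {**DEFAULTS, **seen}

def audit(text):
    """Return (settings, findings) for the points raised in the thread."""
    cfg = effective_settings(text)
    findings = []
    if "22" in cfg["port"]:
        findings.append("sshd still listens on default port 22")
    if "1" in cfg.get("protocol", "2").split(","):
        findings.append("protocol 1 is enabled")
    if cfg["passwordauthentication"].lower() != "no":
        findings.append("password logins accepted; keys are not enforced")
    return cfg, findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SSHD_CONFIG)[1]:
        print("FINDING:", finding)
```

On a live host, `sshd -T` prints the effective configuration as the daemon itself computes it, which is the authoritative version of this check.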

 

 


V.T. Eric Layton

I edited them both. I changed the port and I changed to Protocol 2 in both. It wasn't working before because... DUH! I had only made the changes on the main system... not the remotes. HA! All's working now, though.

 

Thanks! :)


securitybreach

I personally leave the default port on /etc/ssh/ssh.conf as I always specify the port when I connect to a host anyway. That part does not really matter as that is not for the server anyway. The only things I have uncommented on /etc/ssh/ssh_config is:

 

Protocol 2
HashKnownHosts yes
StrictHostKeyChecking yes
ServerAliveInterval 60

 

Glad that you got everything working now!! B)


securitybreach

You can also have a banner for each client by editing /etc/issue and uncommenting this line in /etc/ssh/sshd_config:

Banner /etc/issue

 

Then you can have a nice graphic/banner when you ssh into the machines. Here is the one I use on my Linode:

[Image: screenshot of the SSH login banner]

 

(I had to take a screenshot of it as the ascii was not lining up correctly)

 

There are some more here: https://bbs.archlinux.org/viewtopic.php?pid=1039917


V.T. Eric Layton

Pretty spiffy! :)

 

I'm headed out to the shop to edit the ssh setup on that machine now. :) I also need to sync my FF and TB data. Haven't done that in a while. It'll be easier and faster via ftp/ssh than it was using thumb drives and walking back and forth from the main system out to the shop. ;)


securitybreach
We're long overdue for a new Comhack article. What's up with that? :(

Yeah, I know.... Been busy or lazy, I have not figured it out yet. I may review my new tablet that should arrive today.

 

Of course I am not as good with words as you are B)


V.T. Eric Layton

You're not bad with words, either. You should write us up a good tutorial about doing something in Arch. :)


securitybreach
You're not bad with words, either. You should write us up a good tutorial about doing something in Arch. :)

Thanks, I will try to write up something soon. :thumbsup:


V.T. Eric Layton

Heh! Just for funzies, I decided to connect my main system and my lappy via MS Windows networking. The main system is XP and the lappy is 7. It took me all of about 5 minutes to get it going. MS does make it look simple sometimes. ;)


MS does make it look simple sometimes. ;)
They have to. Their target consumer is not technically savvy. (And yes, I chose to use the word 'consumer' and not the word 'customer')

 


V.T. Eric Layton

Nice of you to say that their consumer base is not "technically savvy" rather than "totally witless zombies". ;)


securitybreach
Nice of you to say that their consumer base is not "technically savvy" rather than "totally witless zombies". ;)

Now now, we do not want to offend :hysterical:


The target market has been carefully selected, trained, and brainwashed to meet the stringent requirements. :hysterical: :hysterical: :hysterical:

 

How's that? More clear and direct.


securitybreach

I just ran across this link and thought I would share:

So you think you know OpenSSH inside and out? Test your chops against this hit parade of 16 expert tips and tricks, from identifying monkey-in-the-middle attacks to road warrior security to attaching remote screen sessions. Follow the countdown to the all-time best OpenSSH command!...

16 Ultimate OpenSSH Hacks


securitybreach
Nice article. Carla is a long-time linux gnuru and network administrator who also has the ability to teach others complicated subjects.

Thanks for posting this.

:thumbsup:


V.T. Eric Layton

Yup. As stated in response to your posting of this on my blog article, that is an outstanding Carla posting. I printed it to .pdf and stored it locally on my system. Handy-dandy tips! :)


  • 10 years later...
On 10/24/2010 at 3:58 PM, amenditman said:

That was the best one xckd has done in a while, all good, but that one was classic. Especially the crack at 'leet' speak. Love it. 'Shiboleet' ~= Shibboleth (Wikipedia)

 

On 10/24/2010 at 8:32 AM, sunrat said:
Urmas said:
Just say The Word.

I was just about to post a link to that till I read your post. One of xkcd's best! :hysterical:

 

That is one side splitting comic. 🤣

 

From my post about Kwixi in regard to xckd cartoons the Kwixi download does not seem to work.

 

So I followed the trail back to the original xckd site which is most interesting.

 

Welcome to the explain xkcd wiki!

 

Quote

We have an explanation for all 2705 xkcd comics, and only 27 (1%) are incomplete. Help us finish them!

 

They have a list of all the comics in date order.

 

https://www.explainxkcd.com/wiki/index.php/List_of_all_comics_(1-500)

 

Why am I interested in necromancy or raising the dead? Well, I am not really. I did a site search for xckd as I thought we had a thread here but it seems the search engine only gave me this one example of " xckd " in the archives so I posted here.

 

🤓

 

 

Edited by abarbarian