securitybreach Posted March 17, 2012

> 10-4. I was just calling to thank you, anyway. I don't have a voice today. I've been battling a sore throat for 5 days now. I'm fighting off some crud, I guess. I'm actually starting to feel better today, though. Anyway, when you get home later you can tell me what the advantages of:
> 1. changing my default port for ssh - security by obscurity, I assume. Right?
> 2. using ssh key pairs rather than passwords - more security so my passwords aren't bouncing all over the neighborhood via my wifi. Right?
> Thanks again... I have to go set this up in Arch now. I imagine that should be simpler than it was in Slackware... usually is. Later...

1. Well as far as the port, I use an obscure port for the simple reason that most ip scanners search for common ports like 22 (ssh), 21 (ftp), 139 (netbios), etc. on various servers. It is just another way to keep yourself off the radar.

2. Pretty much. I use it as another security as I regularly connect to a remote session (my linode) so it is not just my neighborhood I have to worry about. http://serverfault.com/questions/203613/is...-authentication

No problem!! Also, make sure you are running protocol 2 as protocol 1 was the one that had the vulnerability last year: https://wiki.archlinux.org/index.php/Secure_Shell#Client
V.T. Eric Layton (Author) Posted March 17, 2012

MattDM's explanation in that first link is excellent. I'm running ssh-agent by default, and I see keys generated in my .ssh/known_hosts file, so I'm assuming that my passwords are not being flung around the neighborhood randomly each time I ssh into one of my machines.

I'm still trying to figure out how to change my default port. I can change it in /etc/ssh/ssh_config, but then ssh fails (connection denied errors). I'm assuming that my router is blocking the port I've chosen to use. Sound reasonable? How do I fix this? Do I need to FWD the port in the router control panel?

I'm such a dim-bulb when it comes to this networking carp. I really have neglected that part of my education.
securitybreach Posted March 17, 2012

> I'm still trying to figure out how to change my default port. I can change it in /etc/ssh/ssh_config, but then ssh fails (connection denied errors). I'm assuming that my router is blocking the port I've chosen to use. Sound reasonable? How do I fix this? Do I need to FWD the port in the router control panel? I'm such a dim-bulb when it comes to this networking carp. I really have neglected that part of my education.

That is because you are editing the wrong file. The file /etc/ssh/ssh_config is for the client and /etc/ssh/sshd_config is for the server: https://wiki.archlinux.org/index.php/Secure_Shell#Daemon

Change the port in sshd_config, restart sshd and you should be good to go.
V.T. Eric Layton (Author) Posted March 17, 2012

I edited them both. I changed the port and I changed to Protocol 2 in both. It wasn't working before because... DUH! I had only made the changes on the main system... not the remotes. HA! All's working now, though. Thanks!
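
The client/server file mix-up discussed above, as an added example that is not part of the original posts: a small shell check that compares the port a client config will dial with the ports a server config listens on. The file contents and port 2222 are constructed, and the sketch assumes flat files without Host or Match blocks.

```shell
#!/bin/sh
# Added example; sample file contents and port 2222 are constructed.
# Assumes flat config files (no Host or Match blocks).

# Print every active "Port" value in a file, one per line; 22 if none is set.
# Lines starting with '#' are comments; keywords are case-insensitive.
active_ports() {
    awk '
        /^[ \t]*(#|$)/ { next }
        tolower($1) == "port" { print $2; n++ }
        END { if (!n) print 22 }
    ' "$1"
}

# ssh (client) uses the first value it finds; sshd listens on all of them.
client_port()  { active_ports "$1" | head -n 1; }
server_ports() { active_ports "$1"; }

# Succeeds when the port the client will dial is one the server listens on.
# usage: ports_agree CLIENT_ssh_config SERVER_sshd_config
ports_agree() {
    server_ports "$2" | grep -qxF "$(client_port "$1")"
}

demo() {
    d=$(mktemp -d)
    # Client file edited, server file untouched: the connection is refused.
    printf 'Port 2222\nProtocol 2\n' > "$d/ssh_config"
    printf '#Port 22\nProtocol 2\n'  > "$d/sshd_config"
    if ! ports_agree "$d/ssh_config" "$d/sshd_config"; then
        echo "mismatch: client dials $(client_port "$d/ssh_config")," \
             "server listens on $(server_ports "$d/sshd_config")"
    fi
    # Server file edited as well (sshd must be restarted to pick it up).
    printf 'Port 2222\nProtocol 2\n' > "$d/sshd_config"
    if ports_agree "$d/ssh_config" "$d/sshd_config"; then
        echo "ok: both sides use $(client_port "$d/ssh_config")"
    fi
    rm -rf "$d"
}
demo
```

On a live system, `sshd -T` (run as root) and `ssh -G <host>` print the effective settings, including the Host and Match blocks this sketch ignores.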
securitybreach Posted March 17, 2012

I personally leave the default port on /etc/ssh/ssh.conf as I always specify the port when I connect to a host anyway. That part does not really matter as that is not for the server anyway. The only things I have uncommented on /etc/ssh/ssh_config is:

Protocol 2
HashKnownHosts yes
StrictHostKeyChecking yes
ServerAliveInterval 60

Glad that you got everything working now!!
securitybreach Posted March 17, 2012

You can also have a banner for each client by editing /etc/issue and uncommenting this line in /etc/ssh/sshd_config:

Banner /etc/issue

Then you can have a nice graphic/banner when you ssh into the machines. Here is the one I use on my Linode: (I had to take a screenshot of it as the ascii was not lining up correctly)

There are some more here: https://bbs.archlinux.org/viewtopic.php?pid=1039917
V.T. Eric Layton (Author) Posted March 17, 2012

Pretty spiffy! I'm headed out to the shop to edit the ssh setup on that machine now. I also need to sync my FF and TB data. Haven't done that in a while. It'll be easier and faster via ftp/ssh than it was using thumb drives and walking back and forth from the main system out to the shop.
V.T. Eric Layton (Author) Posted March 19, 2012

SSH In Slackware and Arch - A Brief How-To
securitybreach Posted March 19, 2012

> SSH In Slackware and Arch - A Brief How-To
V.T. Eric Layton (Author) Posted March 19, 2012

We're long overdue for a new Comhack article. What's up with that?
securitybreach Posted March 19, 2012

> We're long overdue for a new Comhack article. What's up with that?

Yeah, I know.... Been busy or lazy, I have not figured it out yet. I may review my new tablet that should arrive today. Of course I am not as good with words as you are.
V.T. Eric Layton (Author) Posted March 19, 2012

You're not bad with words, either. You should write us up a good tutorial about doing something in Arch.
securitybreach Posted March 19, 2012

> You're not bad with words, either. You should write us up a good tutorial about doing something in Arch.

Thanks, I will try to write up something soon.
V.T. Eric Layton (Author) Posted March 22, 2012

Heh! Just for funzies, I decided to connect my main system and my lappy via MS Windows networking. The main system is XP and the lappy is 7. It took me all of about 5 minutes to get it going. MS does make it look simple sometimes.
amenditman Posted March 23, 2012

> MS does make it look simple sometimes.

They have to. Their target consumer is not technically savvy. (And yes, I chose to use the word 'consumer' and not the word 'customer')
V.T. Eric Layton (Author) Posted March 23, 2012

Nice of you to say that their consumer base is not "technically savvy" rather than "totally witless zombies".
securitybreach Posted March 23, 2012

> Nice of you to say that their consumer base is not "technically savvy" rather than "totally witless zombies".

Now now, we do not want to offend.
V.T. Eric Layton (Author) Posted March 23, 2012

Of course not. That's why I was commending Bob on his tactful use of language.
securitybreach Posted March 23, 2012

> Of course not. That's why I was commending Bob on his tactful use of language.

I was kidding ya.
amenditman Posted March 23, 2012

The target market has been carefully selected, trained, and brainwashed to meet the stringent requirements. :hysterical:

How's that? More clear and direct.
securitybreach Posted March 26, 2012

I just ran across this link and thought I would share:

> So you think you know OpenSSH inside and out? Test your chops against this hit parade of 16 expert tips and tricks, from identifying monkey-in-the-middle attacks to road warrior security to attaching remote screen sessions. Follow the countdown to the all-time best OpenSSH command!...

16 Ultimate OpenSSH Hacks
amenditman Posted March 26, 2012

> I just ran across this link and thought I would share: 16 Ultimate OpenSSH Hacks

Nice article. Carla is a long-time linux gnuru and network administrator who also has the ability to teach others complicated subjects. Thanks for posting this.
securitybreach Posted March 26, 2012

> Nice article. Carla is a long-time linux gnuru and network administrator who also has the ability to teach others complicated subjects. Thanks for posting this.
V.T. Eric Layton (Author) Posted March 27, 2012

Yup. As stated in response to your posting of this on my blog article, that is an outstanding Carla posting. I printed it to .pdf and stored it locally on my system. Handy-dandy tips!
abarbarian Posted December 1, 2022

> On 10/24/2010 at 3:58 PM, amenditman said:
> That was the best one xckd has done in a while, all good, but that one was classic. Especially the crack at 'leet' speak. Love it. 'Shiboleet' ~= Shibboleth (Wikipedia)

> On 10/24/2010 at 8:32 AM, sunrat said:
> > Urmas said: Just say The Word.
> I was just about to post a link to that till I read your post. One of xkcd's best!

That is one side splitting comic.

From my post about Kwixi in regard to xckd cartoons the Kwixi download does not seem to work. So I followed the trail back to the original xckd site which is most interesting.

Welcome to the explain xkcd wiki!

> We have an explanation for all 2705 xkcd comics, and only 27 (1%) are incomplete. Help us finish them!

They have a list of all the comics in date order. https://www.explainxkcd.com/wiki/index.php/List_of_all_comics_(1-500)

Why am I interested in necromancy or raising the dead, well I am not really. I did a site search for xckd as I thought we had a thread here but it seems the search engine only gave me this one example of " xckd " in the archives so I posted here.
V.T. Eric Layton (Author) Posted December 1, 2022

AHEM! You think you could find some older threads to revive, @abarbarian?
abarbarian Posted December 2, 2022

> 20 hours ago, V.T. Eric Layton said:
> AHEM! You think you could find some older threads to revive, @abarbarian?

I have some spare time at the moment so I'll be glad to give it a go mate.