Yeah, it's bad (passphrase-less keys): there is lots of info on the newsgroups as to why it's bad, but for us it's about stopping passwords going across in clear text. This is the level of security that we require. I don't recommend you do this, there are security issues, and you shouldn't do such things without understanding the security implications.

Generate a key pair with an empty passphrase, then append the public key to the authorized keys file:

ssh-keygen -t rsa -f ~/.ssh/id_rsa -N ""
cd ~/.ssh && cat id_rsa.pub >> authorized_keys2

Copy the authorized_keys2 to the other machine (just cat it to the end of the one already there). authorized_keys2 is the file the OpenSSH of this page's era read for protocol 2 keys; current OpenSSH reads ~/.ssh/authorized_keys instead. Also check /etc/ssh/ssh_config, basically look for "PubkeyAuthentication yes" (and the same in sshd_config). Also useful when it doesn't work: ssh -v on the client, and "LogLevel DEBUG" in sshd_config on the server.
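An added example, not one of the page's own commands: the same key installation, but with the directory and file permissions that the "StrictModes yes" line in the sshd_config on this page requires (sshd silently ignores an authorized keys file that is group- or world-writable, which is the usual reason a key "doesn't work"), plus a check for that layout. It uses ~/.ssh/authorized_keys, the file current OpenSSH reads; the sample key line is constructed, not a real key, and the demo runs against a scratch directory rather than a real home.

```shell
#!/bin/sh
# Added example (not from the original page). Installs a public key line the
# way the page describes, with the permissions sshd's StrictModes insists on,
# and verifies them. Works against any directory passed as the "home".

# Constructed sample public key line (NOT a real key). A real one comes from
# ssh-keygen -t rsa -f ~/.ssh/id_rsa as shown on the page.
SAMPLE_PUBKEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDconstructedsamplekey== demo@example'

# install_pubkey <home> <pubkey-line>: append the key once, fix permissions.
install_pubkey() {
    home=$1; key=$2
    mkdir -p "$home/.ssh"
    chmod 700 "$home/.ssh"
    touch "$home/.ssh/authorized_keys"
    # skip if this exact line is already present, so re-running is harmless
    if ! grep -qxF "$key" "$home/.ssh/authorized_keys"; then
        printf '%s\n' "$key" >> "$home/.ssh/authorized_keys"
    fi
    chmod 600 "$home/.ssh/authorized_keys"
}

# mode <path>: octal permission bits (GNU stat, with BSD stat as fallback)
mode() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# check_strictmodes <home>: returns 0 when sshd with StrictModes would accept
# the layout, i.e. neither ~/.ssh nor authorized_keys is group/world writable.
check_strictmodes() {
    home=$1
    d=$(mode "$home/.ssh")
    f=$(mode "$home/.ssh/authorized_keys")
    [ $(( 0$d & 022 )) -eq 0 ] || return 1
    [ $(( 0$f & 022 )) -eq 0 ] || return 1
    return 0
}

# key_count <home>: number of key lines installed
key_count() {
    grep -c '^ssh-' "$1/.ssh/authorized_keys"
}

# Demo against a scratch directory instead of a real home directory
DEMO_HOME=$(mktemp -d)
install_pubkey "$DEMO_HOME" "$SAMPLE_PUBKEY"
install_pubkey "$DEMO_HOME" "$SAMPLE_PUBKEY"   # second run must not duplicate
if check_strictmodes "$DEMO_HOME"; then
    echo "permissions OK, $(key_count "$DEMO_HOME") key(s) installed"
fi
```

To use it on a real account, call install_pubkey "$HOME" "$(cat ~/.ssh/id_rsa.pub)" on the destination machine; the home directory itself must also not be group/world writable, which the function does not change because that is a decision for the account owner.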
Use the following files at your own risk; you may open up security holes.
My /etc/ssh/ssh_config (nothing exciting here)
[cameron@jack cameron]$ cat /etc/ssh/ssh_config
# $OpenBSD: ssh_config,v 1.9 2001/03/10 12:53:51 deraadt Exp $
# This is ssh client systemwide configuration file. See ssh(1) for more
# information. This file provides defaults for users, and the values can
# be changed in per-user configuration files or on the command line.
# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.
# Site-wide defaults for various options
# Host *
# ForwardAgent no
# ForwardX11 no
# RhostsAuthentication no
# RhostsRSAAuthentication yes
# RSAAuthentication yes

My /etc/ssh/sshd_config
# $OpenBSD: sshd_config,v 1.38 2001/04/15 21:41:29 deraadt Exp $
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
# This is the sshd server system-wide configuration file. See sshd(8)
# for more information.
Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::
HostKey /etc/ssh/ssh_host_key
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
ServerKeyBits 768
LoginGraceTime 600
KeyRegenerationInterval 3600
PermitRootLogin no
#
# Don't read ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
StrictModes yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd yes
#PrintLastLog no
KeepAlive yes
# Logging
SyslogFacility AUTHPRIV
LogLevel INFO
#obsoletes QuietMode and FascistLogging
RhostsAuthentication no
#
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
#
RSAAuthentication yes
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no
# Uncomment to disable s/key passwords
#ChallengeResponseAuthentication no
# Uncomment to enable PAM keyboard-interactive authentication
# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
#PAMAuthenticationViaKbdInt yes
# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no
# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes
#CheckMail yes
#UseLogin no
#MaxStartups 10:30:60
#Banner /etc/issue.net
#ReverseMappingCheck yes
Subsystem sftp /usr/libexec/openssh/sftp-server

If you change this file you should do /etc/rc.d/init.d/sshd restart. Also check your firewall to make sure that ssh is allowed.
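An added example, not part of the original page: a small audit script for the sshd_config settings this page is concerned with. Note that the page's own file still has "PasswordAuthentication yes", so after setting up keys the server still accepts password logins; the keys are a convenience, not a requirement, until that is changed. Two constructed config excerpts are embedded: WEAK_CONF mirrors the relevant lines of the page's file, HARDENED_CONF is the corrected version. The Protocol check is for the OpenSSH of this era, where an unset Protocol meant "2,1"; on OpenSSH 7.6 and later protocol 1 is gone and the keyword is obsolete.

```shell
#!/bin/sh
# Added example, not from the original page: audit an sshd_config for the
# settings the page talks about (clear-text-capable password logins, root
# login, protocol 1). Pass a file path as $1, or run as-is to compare the two
# constructed samples below.

# Constructed excerpt mirroring the page's sshd_config
WEAK_CONF='Port 22
#Protocol 2,1
HostKey /etc/ssh/ssh_host_key
HostKey /etc/ssh/ssh_host_rsa_key
PermitRootLogin no
StrictModes yes
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no
#ChallengeResponseAuthentication no'

# Constructed corrected version: keys only, protocol 2 only
HARDENED_CONF='Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
PermitRootLogin no
StrictModes yes
PasswordAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
PubkeyAuthentication yes'

# setting <file> <keyword>: effective value. sshd keywords are case-insensitive
# and, unlike most config formats, the FIRST occurrence wins (sshd_config(5)),
# so the lookup stops at the first uncommented match. Empty output = default.
setting() {
    awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# audit <file>: one line per finding on stderr, the number of findings on stdout
audit() {
    f=$1; n=0
    if [ "$(setting "$f" PasswordAuthentication)" != "no" ]; then
        echo "WARN: PasswordAuthentication is not 'no': password logins are still accepted, keys are optional" >&2
        n=$((n + 1))
    fi
    case "$(setting "$f" PermitRootLogin)" in
        no|prohibit-password|without-password) ;;
        *) echo "WARN: PermitRootLogin allows interactive root login" >&2; n=$((n + 1)) ;;
    esac
    # Era-specific: unset Protocol meant 2,1 and ssh_host_key is a protocol 1 key
    if [ "$(setting "$f" Protocol)" != "2" ]; then
        echo "WARN: Protocol not pinned to 2; with ssh_host_key present protocol 1 is served too" >&2
        n=$((n + 1))
    fi
    echo "$n"
}

WEAK_FILE=$(mktemp); printf '%s\n' "$WEAK_CONF" > "$WEAK_FILE"
HARD_FILE=$(mktemp); printf '%s\n' "$HARDENED_CONF" > "$HARD_FILE"
if [ -n "${1:-}" ]; then
    echo "$1: $(audit "$1") finding(s)"
else
    echo "weak config: $(audit "$WEAK_FILE") finding(s)"
    echo "hardened config: $(audit "$HARD_FILE") finding(s)"
fi
```

The first-occurrence rule is the reason the script stops at the first match: appending "PasswordAuthentication no" to the end of a file that already says "yes" higher up changes nothing, which is an easy mistake to make when hardening by hand.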
When doing scp or ssh, you can use the -C command line option (compression) to speed up commands and copies. The cool thing is that you can run this for a normal shell, so if you do:

[cameron@tiger cameron]$ ssh -C machine.host.com

Then the connection will actually run faster (and, as a side effect, is actually slightly more secure).

Slow login? Disable DNS lookups on the server in /etc/ssh/sshd_config (the option is "UseDNS no" on current OpenSSH).
SSH tunnel with compression

ssh -C2qTnN -L 192.168.0.14:143:MAILHOST:143 email@example.com

-L takes bind_address:port:host:hostport, so this listens on 192.168.0.14 port 143 (IMAP) and forwards it, through the ssh server, to port 143 on host. The host field between the two colons is blank on the original page; MAILHOST above is a placeholder for the IMAP server as the ssh server sees it. The other flags: -C compression, -2 protocol 2 only, -q quiet, -T no pty, -n stdin from /dev/null, -N no remote command (tunnel only).
ssh -R 10044:localhost:22 user@publicmachine

Then when you are actually logged into "publicmachine", any time you want to connect to the private machine, you would run:

ssh -p 10044 -l whateveruser localhost

Where "whateveruser" is a user on the private machine.
Note that what I do is set up an authorized key, and run it through a loop like this:

while [ 1 ]; do
    # the remote command keeps the session (and the -R forward) open
    ssh -R 10044:localhost:22 user@publicmachine echo connected\; sleep 10000
    sleep 1
done
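An added example, not the page's own loop: the same reconnecting reverse tunnel made robust. The one-liner above reconnects one second after ssh exits, but a session that dies without a clean close (NAT timeout, cable pulled) is never noticed by either side, so ssh hangs forever and, on the public machine, the dead session keeps port 10044 bound, which makes the next -R attempt silently connect without a forward. The version below uses -N instead of a remote sleep, client keepalives so a dead link is detected, ExitOnForwardFailure so a bind failure exits instead of lingering, BatchMode so it never blocks on a password prompt, and capped exponential backoff. user@publicmachine and port 10044 are the page's placeholders; the server side should also reap dead sessions (ClientAliveInterval in sshd_config, or the KeepAlive yes already in the page's config).

```shell
#!/bin/sh
# Added example, not from the original page. Persistent reverse tunnel with
# keepalives, fail-fast forwarding and backoff. Start the loop with --run.

REMOTE_PORT=10044            # page's placeholder port on the public machine
REMOTE=user@publicmachine    # page's placeholder account
MAX_DELAY=300                # longest pause between reconnect attempts

# tunnel_cmd <remote-port> <user@host>: the ssh invocation for one attempt
tunnel_cmd() {
    echo "ssh -o BatchMode=yes -o ExitOnForwardFailure=yes" \
         "-o ServerAliveInterval=30 -o ServerAliveCountMax=3" \
         "-N -R $1:localhost:22 $2"
}

# next_delay <seconds>: double, capped at MAX_DELAY (1 2 4 ... 256 300 300)
next_delay() {
    d=$(( $1 * 2 ))
    if [ "$d" -gt "$MAX_DELAY" ]; then
        d=$MAX_DELAY
    fi
    echo "$d"
}

# run_tunnel: reconnect forever. A session that stayed up for at least a
# minute resets the backoff; a quick failure (refused, bind failed, auth
# failed) backs off further each time instead of hammering the server.
run_tunnel() {
    delay=1
    while :; do
        start=$(date +%s)
        $(tunnel_cmd "$REMOTE_PORT" "$REMOTE")
        if [ $(( $(date +%s) - start )) -ge 60 ]; then
            delay=1
        fi
        echo "tunnel down, retrying in ${delay}s" >&2
        sleep "$delay"
        delay=$(next_delay "$delay")
    done
}

if [ "${1:-}" = "--run" ]; then
    run_tunnel
fi
```

With BatchMode the loop depends on the authorized key being in place, exactly as the page sets it up; without it, each attempt would fail immediately and the backoff would climb to five minutes.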
ssh -R 10080:Y:80 user@publicmachine

So now when you make a connection to port 10080 on "publicmachine", it will connect you to port 80 on machine "Y".
Last Change: Saturday, 16-Jan-2010 08:25:17 EST
The information provided within these pages is provided AS IS, and without any
warranty. Following these directions may (but not limited to)
crash your computer, delete all the information on your hard disk, open up security holes or cause your house to burn down.
I made these pages to provide some information about the setup that I have done,
but I did not proofread it for correctness, and in most cases did not test it.
There are commands in these pages that would definitely delete or corrupt all
the data on your computer (especially the dualboot section). In fact it happened to me....
So you are on your own!