Comments on: Securing your SSH access http://switch.richard5.net/2006/09/24/securing-your-ssh-access/ How to build your Mac into a internet server using open source software Tue, 17 Jun 2008 18:25:42 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: Nate Carroll http://switch.richard5.net/2006/09/24/securing-your-ssh-access/comment-page-1/#comment-5431 Nate Carroll Sat, 04 Nov 2006 19:34:16 +0000 http://switch.richard5.net/2006/09/24/securing-your-ssh-access/#comment-5431 Hi Richard, I used some software called "Secure Shell Helper" (http://www.gideonsoftworks.com/sshhelper.html) to help secure my Mac mini. You can turn off password-based SSH logins entirely and generate the required public and private key files for installation on your server and any client computers you'd like to connect from. And the keys can be encrypted so that they require a separate pass-phrase to be used before a successful connection can be made. Using key files instead of the normal passwords should potentially protect you more from brute-force dictionary login attacks. This setup would mean that you can't connect to your server from just any computer (unless you carry and install the right key file from a flash drive), but if you do most of your administration from one or two laptops, I think it's a good solution. -Nate Hi Richard,

I used some software called “Secure Shell Helper” (http://www.gideonsoftworks.com/sshhelper.html) to help secure my Mac mini. You can turn off password-based SSH logins entirely and generate the required public and private key files for installation on your server and any client computers you’d like to connect from. And the keys can be encrypted so that they require a separate pass-phrase to be used before a successful connection can be made. Using key files instead of the normal passwords should potentially protect you more from brute-force dictionary login attacks.

This setup would mean that you can’t connect to your server from just any computer (unless you carry and install the right key file from a flash drive), but if you do most of your administration from one or two laptops, I think it’s a good solution.

-Nate

]]>
By: dani http://switch.richard5.net/2006/09/24/securing-your-ssh-access/comment-page-1/#comment-3555 dani Tue, 26 Sep 2006 16:45:59 +0000 http://switch.richard5.net/2006/09/24/securing-your-ssh-access/#comment-3555 Hi Richard, I think SSH considers first the config file /etc/sshd_config before it reads the /etc/ssh_config file. It does not overwrite the values already set in /etc/sshd_config with the values you set in /etc/ssh_config. Or I am wrong? Cheers Dani Hi Richard,

I think SSH considers first the config file /etc/sshd_config before it reads the /etc/ssh_config file. It does not overwrite the values already set in /etc/sshd_config with the values you set in /etc/ssh_config. Or I am wrong?

Cheers

Dani

]]>