sshd configuration (DSA authentication)
Posted by: admin at 11 Monday 8th, 2008
FreeBSD sshd is by default to boot. # which sshd
/usr/sbin/sshd
/etc/ssh/sshd_config to AllowUsers USERNAME only that, BURUTOFOSUATAKKU (brute force attacks) against the DSA should be authenticated. If you look you see the access log, or the humble country crackers or分RIMASEN bots, you should find that traces of the attack.
Rewrite of the configuration file
/etc/ssh/sshd_config
Protocol 2
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
no the password on it. After rewriting
sshd restart. # /etc/rc.d/sshd restart
# ps aux | grep sshd
# kill -HUP PID
Private key id_dsa and public key id_dsa.pub to generate
Log in with ssh to enable users to access. root other) Enter the following command.
$ ssh-keygen -d
Generating public/private dsa key pair.
Enter file in which to save the key (/home/ USERNAME /.ssh/id_dsa): [Enter]
Created directory '/home/ USERNAME /.ssh'.
Enter passphrase (empty for no passphrase): [PASSWORD] [Enter]
Enter same passphrase again: [Re PASSWORD] [Enter]
Your identification has been saved in /home/ USERNAME /.ssh/id_dsa.
Your public key has been saved in /home/ USERNAME /.ssh/id_dsa.pub.
The key fingerprint is:
xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx USERNAME @ HOST . DOMAIN . NAME
Public key id_dsa.pub to rename the
$ cd /home/ USERNAME /.ssh
$ mv id_dsa.pub authorized_keys
$ chmod 0600 authorized_keys
Private key id_dsa to move to a client machine
ssh client to connect to the /home/ USERNAME /.ssh/id_dsa move. If you are concerned about security, FTP, etc. There is no USB floppy disk is a good memory and do in the process of using the media attention. id_dsa to save the file, it will depend on the client terminal, please refer to your manual. Personally open source Tera Term is a good idea.
Filed under General |
