sshd configuration (DSA authentication)

Posted by: admin at 11 Monday 8th, 2008

On FreeBSD, sshd is set to start at boot by default.
 # which sshd
So, beyond just setting AllowUsers USERNAME in /etc/ssh/sshd_config, DSA authentication should be used as a countermeasure against brute force attacks.
If you look at the access log, you should find traces of attacks, whether from crackers in some country or from bots, I can't tell which.

Rewriting the configuration file

 Protocol 2
Use the SSH2 protocol.
 PermitRootLogin no
Disable root login.
 PubkeyAuthentication yes
Authenticate using DSA.
 PasswordAuthentication no
 PermitEmptyPasswords no
Disable password authentication and empty passwords.
 ChallengeResponseAuthentication no
Set this to no as well, so that passwords are not accepted through it.
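
The rewritten file can be checked mechanically before sshd is restarted. The script below is an added example, not part of the original post; the function name audit_sshd_config and the sample file are constructed for illustration, and it checks only the six directives listed above.

```sh
#!/bin/sh
# Added example: audit an sshd_config for the six settings listed above.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and lines after "Match" are conditional, so only the
# global section before the first Match line is evaluated.
audit_sshd_config() {
    awk '
    BEGIN {
        want["protocol"] = "2"
        want["permitrootlogin"] = "no"
        want["pubkeyauthentication"] = "yes"
        want["passwordauthentication"] = "no"
        want["permitemptypasswords"] = "no"
        want["challengeresponseauthentication"] = "no"
    }
    /^[ \t]*(#|$)/ { next }             # skip comments and blank lines
    {
        sub(/[ \t]*=[ \t]*/, " ")       # "Keyword=value" form
        key = tolower($1)
        if (key == "match") exit        # jump to END
        if (!(key in val)) val[key] = tolower($2)
    }
    END {
        bad = 0
        for (k in want) {
            if (!(k in val)) {
                printf "FAIL %s is not set (want %s)\n", k, want[k]; bad = 1
            } else if (val[k] != want[k]) {
                printf "FAIL %s is %s (want %s)\n", k, val[k], want[k]; bad = 1
            }
        }
        exit bad
    }' "$1"
}

# Constructed sample: a stray early "yes" overrides the later "no", and
# ChallengeResponseAuthentication is missing entirely.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config for the demo
Protocol 2
PermitRootLogin no
passwordauthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
EOF
audit_sshd_config "$sample" || echo "sshd_config needs attention"
rm -f "$sample"
```

The function prints one FAIL line per directive that is missing or set to another value and returns non-zero, so it can gate the restart step.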

After rewriting the file, restart sshd.
 # /etc/rc.d/sshd restart
On earlier versions this may produce an error; in that case, do it the following way.
 # ps aux | grep sshd
 # kill -HUP PID

Generating the private key id_dsa and the public key

Log in as the user who will be allowed to connect over ssh (a user other than root).
Enter the following command.
 $ ssh-keygen -d
 Generating public/private dsa key pair.
 Enter file in which to save the key (/home/USERNAME/.ssh/id_dsa):    [Enter]
 Created directory '/home/USERNAME/.ssh'.
 Enter passphrase (empty for no passphrase):                      [PASSWORD] [Enter]
 Enter same passphrase again:                                     [Re PASSWORD] [Enter]
 Your identification has been saved in /home/USERNAME/.ssh/id_dsa.
 Your public key has been saved in /home/USERNAME/.ssh/
 The key fingerprint is:
 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx  USERNAME@HOST.DOMAIN.NAME

Renaming the public key

 $ cd /home/USERNAME/.ssh
 $ mv id_dsa.pub authorized_keys
 $ chmod 0600 authorized_keys

Moving the private key id_dsa to the client machine

Move /home/USERNAME/.ssh/id_dsa to the client machine that will connect over ssh. If you are concerned about security, do not use FTP or the like; it is better to use media such as a floppy disk or USB memory, and to take care in how the media is handled.
Where to save the id_dsa file depends on the client terminal software, so please refer to its manual.
Personally, I think the open source Tera Term is a good choice.
