Re: need an efficient and secure sshd_config

I would suggest you provide them a public key. So here is what I would do:

1) create user/s
2) generate a public key for each user
3) use the public key for login
4) disable access unless used with public keys

Just my 2 cents.


On 7/14/09 12:04 PM, "Robert Hajime Lanning" <robert.lanning@xxxxxxxxx> wrote:

On Tue, Jul 14, 2009 at 8:55 AM, J. Bakshi<bakshi12@xxxxxxxxx> wrote:
On Mon, 13 Jul 2009 10:00:52 +0200
matteo filippetto <matteo.filippetto@xxxxxxxxx> wrote:
Thanks for your response but I have not yet found what I'm looking for.
I need the configuration which actually suppresses the hostname and the
domain/IP on the client side. The client will only be prompted for a password.
The second thing: the sshd should allow the client to be connected even
for half an hour without executing any command. Is there any such configuration
in openssh?

The idle logout isn't sshd. It is the shell. Look into the "autologout"
environment variable for bash.

As for the client password prompt, that is not controllable from the
server side, without dropping everything and going for
"keyboard interactive" authentication. For that, you will have to
code your own authentication method.
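
Step 4 of the list at the top of this message (no access except with public keys) is easy to get wrong, because sshd uses the first value it reads for a keyword. The script below is an added example, not part of the original post: it audits a config file for that step, and the two sample files and all function names are constructed for illustration.

```shell
# sshd uses the FIRST value it reads for a keyword, so a later
# "PasswordAuthentication no" does not override an earlier "yes".

# effective FILE KEYREGEX DEFAULT: print the first global value (lowercased)
# of a keyword matching KEYREGEX, or DEFAULT if it is not set.
effective() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }                      # skip comment lines
        { sub(/=/, " ") }                        # accept "Keyword=value" too
        tolower($1) == "match" { exit }          # global section ends here
        tolower($1) ~ ("^(" key ")$") { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# check FILE KEYREGEX WANTED DEFAULT: report a finding and return 1 on mismatch.
check() {
    got=$(effective "$1" "$2" "$4")
    [ "$got" = "$3" ] && return 0
    echo "FAIL: $2 is '$got', want '$3'"
    return 1
}

audit_keys_only() {
    rc=0
    check "$1" 'pubkeyauthentication' yes yes || rc=1
    check "$1" 'passwordauthentication' no yes || rc=1
    # Keyboard-interactive can still prompt for a password (e.g. through PAM).
    # Newer OpenSSH releases call this keyword KbdInteractiveAuthentication.
    check "$1" 'kbdinteractiveauthentication|challengeresponseauthentication' no yes || rc=1
    return $rc
}

dir=$(mktemp -d)
# Constructed sample: looks locked down, but the early "yes" wins.
cat > "$dir/weak" <<'EOF'
PasswordAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
EOF
# Constructed sample: public keys only.
cat > "$dir/hardened" <<'EOF'
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication=no
EOF
for f in weak hardened; do
    audit_keys_only "$dir/$f" && echo "$f: keys only" || echo "$f: passwords still accepted"
done
```

On a live host, `sshd -T` prints the effective configuration as sshd itself computed it, including `Match` handling that this example does not evaluate.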
