Re: securing sshd_config

From: Allanon (beppebest@tiscali.it)
Date: 11/04/02 

From: "Allanon" <beppebest@tiscali.it>
Date: Mon, 4 Nov 2002 13:34:25 +0100

"Bill Unruh" <unruh@string.physics.ubc.ca> ha scritto nel messaggio

> ]PasswordAuthentication no
>
> This means you will be unable to log in from almost everywhere in the
> world. This means that ONLY those places with which you have exchanged
> your public key can log into your computer. I suspect you want this to
> be yes, so that you can use ssh from some other computer which has ssh
> installed, and log in by typing in your password.
>
>

first of all, thank you for youe help!

About the "PasswordAuthentication":
i read some articles on the web, and they say it would be better if i used
public key
and no other methods. so, if an user wants to connect to my ssh-server, he
has to
give me his public-key, so i have a complete control. with passwordAuth,
everyone on the
web could force and try and try passwords.
Aren't yu agree?

Moreover, i use ssh only for my personal use, so the only thing is to take
with me
my private key. no problem!

what do you think about?

Second thing, do you think that i have to add some other options, in my
config file?
Third:"PermitRootLogin"

> ]PermitRootLogin yes #i dont' know
> This means that if root tries to log in from somewhere else, is he
> allowed to do so? Since you wanted max security this should prob be no.

yes, but if I've the necessity of log-in like Administrator (i use Windows!)
In some documents i read that is better to log-in like normal user and,
then,
execute "su" to became root. It's good, but i don't know if it's possibile
in windows, and eventually HOW it's possible!
I also try to set it no "no", but i'm able to enter with the "Administrator"

Regards,
Giuseppe

Relevant Pages

  • Re: OpenSSH, Telnet, Windows Authentication and double-hops
    ... >> ssh -L) ... JM> in seperate DOS console windows in this order: ... I'm using the 3.8 version of OpenSSH. ... >> Kerberos ticket, or your password in order to acquire one. ...
    (comp.security.ssh)
  • Re: OpenSSH, Telnet, Windows Authentication and double-hops
    ... >> ssh -L) ... JM> in seperate DOS console windows in this order: ... >> Kerberos ticket, or your password in order to acquire one. ... JM> We're focusing on the OpenSSH for Windows distribution. ...
    (comp.security.ssh)
  • Re: FC6 VPN
    ... Then you can run any application you would like off the server by simply running it, or if you want to run a whole session, use gnomesession. ... ssh client that supports X forwarding, which is want you want to be looking at. ... SSH allows you to forward any local port to any remote port. ... If you need to connect to, say a windows share, you would forward your local port to the linux server through the ssh tunnel. ...
    (Fedora)
  • Re: OpenSSH, Telnet, Windows Authentication and double-hops
    ... deployment on a Windows network. ... Does this mean that you are setting SSH port forwarding ... does not provide the other side with either a Kerberos ticket, ... We're focusing on the OpenSSH for Windows distribution. ...
    (comp.security.ssh)
  • Explanation of SSH
    ... I am still unclear on how SSH works exactly. ... Client issues SSH command and names server ... "Shopper" says "server sends back its public host and server keys ... Surely there is only one public key it sends ...
    (comp.security.ssh)