Re: securing sshd_config

From: Allanon (beppebest@tiscali.it)
Date: 11/04/02


From: "Allanon" <beppebest@tiscali.it>
Date: Mon, 4 Nov 2002 13:34:25 +0100


"Bill Unruh" <unruh@string.physics.ubc.ca> ha scritto nel messaggio

> ]PasswordAuthentication no
>
> This means you will be unable to log in from almost everywhere in the
> world. This means that ONLY those places with which you have exchanged
> your public key can log into your computer. I suspect you want this to
> be yes, so that you can use ssh from some other computer which has ssh
> installed, and log in by typing in your password.
>
>

first of all, thank you for youe help!

About the "PasswordAuthentication":
i read some articles on the web, and they say it would be better if i used
public key
and no other methods. so, if an user wants to connect to my ssh-server, he
has to
give me his public-key, so i have a complete control. with passwordAuth,
everyone on the
web could force and try and try passwords.
Aren't yu agree?

Moreover, i use ssh only for my personal use, so the only thing is to take
with me
my private key. no problem!

what do you think about?

Second thing, do you think that i have to add some other options, in my
config file?
Third:"PermitRootLogin"

> ]PermitRootLogin yes #i dont' know
> This means that if root tries to log in from somewhere else, is he
> allowed to do so? Since you wanted max security this should prob be no.

yes, but if I've the necessity of log-in like Administrator (i use Windows!)
In some documents i read that is better to log-in like normal user and,
then,
execute "su" to became root. It's good, but i don't know if it's possibile
in windows, and eventually HOW it's possible!
I also try to set it no "no", but i'm able to enter with the "Administrator"

Regards,
Giuseppe



Relevant Pages

  • Re: sftp Authentication Issue (Unix to Windows)
    ... KnowledgeBase article, ID 31930, posted on the ssh support website ... you must convert the public key format from SecSH (the format ... On which server is this meant to be run - the Unix or Windows? ...
    (comp.security.ssh)
  • Re: OpenSSH, Telnet, Windows Authentication and double-hops
    ... >> ssh -L) ... JM> in seperate DOS console windows in this order: ... I'm using the 3.8 version of OpenSSH. ... >> Kerberos ticket, or your password in order to acquire one. ...
    (comp.security.ssh)
  • Re: OpenSSH, Telnet, Windows Authentication and double-hops
    ... >> ssh -L) ... JM> in seperate DOS console windows in this order: ... >> Kerberos ticket, or your password in order to acquire one. ... JM> We're focusing on the OpenSSH for Windows distribution. ...
    (comp.security.ssh)
  • Re: OpenSSH, Telnet, Windows Authentication and double-hops
    ... deployment on a Windows network. ... Does this mean that you are setting SSH port forwarding ... does not provide the other side with either a Kerberos ticket, ... We're focusing on the OpenSSH for Windows distribution. ...
    (comp.security.ssh)
  • Re: FC6 VPN
    ... Then you can run any application you would like off the server by simply running it, or if you want to run a whole session, use gnomesession. ... ssh client that supports X forwarding, which is want you want to be looking at. ... SSH allows you to forward any local port to any remote port. ... If you need to connect to, say a windows share, you would forward your local port to the linux server through the ssh tunnel. ...
    (Fedora)