SSH (Secure shell) is a protocol for secure communication between computers to execute remote commands, transfer data and tunnel TCP connections.
2
votes
1answer
95 views
What is the actual value of disabling remote root login using ssh?
I have read the answers regarding why you should disable remote root login, but there is something nagging me. Assume this:
Scenario 1:
Remote server A.
Remote root login disabled.
Password ...
0
votes
2answers
75 views
Working from many places <-> being able to restrict SSH access to server to IP range
I administer a webserver, and while I'd like to restrict the SSH access to an IP range, I wouldn't be able to do so because a) I travel a lot and b) I don't have a static IP at my homeoffice.
I've ...
2
votes
1answer
42 views
SSH Protocol classification version exchange messages
I am trying to classify network protocols over network traffic . Now my task is SSH protocol. I read the RFC and know SSH starts with protocol exchange message from both client and server .
Format ...
6
votes
1answer
97 views
Using / finding covert channels in inter-process communication
I've got a class exercise that involves a virtual game of Werewolves/Mafia. We're not really taught how to do anything in this class, which makes it hard for everyone to do the labs.
The idea is that ...
1
vote
1answer
101 views
Vulnerability by leaving an open port in a pc
I have the following set-up.
Home pc ---reverse ssh tunnel---> to linux server
The reverse ssh tunnel is set-up so that on my home pc, port 22 is open, but I have nothing currently listening on that ...
4
votes
4answers
213 views
What are the ways to implement two factor authentication?
We have devices that can generate tokens. So we can use tokens with passwords to perform two factor authentication. There are many ways to implement such systems to enhance security. One of two I ...
3
votes
1answer
149 views
Two-factor authentication with ssh key authentication and yubikey?
OpenSSH won't invoke PAM at all if public key (RSA)
authentication is configured and the client presents a valid key.
So if you use key-based auth, you can't enforce 2FA easily.
One workaround for ...
5
votes
2answers
125 views
Linux forensics questions (ssh config, user activity)
I'm a linux noob and have an assignment I'm a bit stumped on... We're given VirtualBox (vdi) images and raw files for the state of a linux server at 3 different dates.
We're supposed to answer:
...
4
votes
2answers
118 views
SSH password vs. key authentication
I've usually been told that public key authentication is strongly preferred over password authentication for SSH. However our previous admin was against public keys and only issued passwords and took ...
3
votes
3answers
174 views
Using /usr/bin/passwd as login shell
I have a requirement to set up a SSH tunnel between two hosts. SSH server runs on a Linux host, and the SSH client (PuTTY) runs on a Windows host.
I have set up a separate user account (say 'tunnel') ...
0
votes
3answers
188 views
Brute forcing ssh keys
My problem is a common one: I deleted my SSH key, and forgot to set rm to point to a .trash file. I have the public key, and I need to get in this server. I am not doing this on anyone else's server. ...
1
vote
1answer
79 views
Custom Python Server - how to secure it?
I'm going to purchase my own dedicated server service soon and run few python server scripts on it.
Firstly, let me tell you that I am total noob when it comes to internet security and was unable to ...
2
votes
2answers
169 views
Converting keys between openssl and openssh
If I use the following
openssl req -x509 -days 365 -newkey rsa:2048 -keyout private.pem -out public.pem -nodes
I get private.pem and public.pem
If I use
ssh-keygen -t rsa -f rsa
I get rsa and ...
4
votes
1answer
53 views
GPG warns about unprotected subkeys while using monkeysphere
Issuing monkeysphere subkey-to-shh-agent GPG warns me:
gpg: about to export an unprotected subkey
then it asks for the passphrase and everything works fine.
What's the meaning of "export an ...
23
votes
4answers
1k views
Should I change the default SSH port on linux servers?
Is there any advantage in changing the SSH port, I've seen people do that, but I can't seem to find the reason why.
If you have a strong password and/or a certificate, is it useful for anything?
...
1
vote
1answer
107 views
What is the difference between RSA1 & RSA in regards to SSH? Also when is the fingerprint & random art used?
I have searched this site for RSA1 with no results. From multiple google searches I have understood that RSA1 was used in SSH1 (which isn't recommended). However if its a single algorithm why are ...
6
votes
1answer
231 views
Is it secure to transfer an RSA public key by email?
I've set up my VPS'ssh server to accept only key-based identification: I disabled password-based connection.
As a consequence I am connecting from home with an RSA key generated prior to password ...
0
votes
3answers
110 views
Make the public key unrecoverable given the private key
OpenSSL seems to bundle the private key together with the public key when it produces .pem files. Is there a way to prevent this from happening; i.e. prevent OpenSSL from creating a .pem private key ...
1
vote
4answers
219 views
Our logs showing a lot of SSH brute force attacks originating on Port 11
this forum has been brilliant so far. Just wondering if I can get a bit more help:
Can I get some info on a large amount of SSH brute force attacks originating from port 11 on the external host over ...
3
votes
1answer
230 views
How to set up OpenSSH to use x509 PKI for authentication?
I do not mean simply putting the public RSA key of a x.509 certificate into ~/.ssh/authorized_keys - I'm looking for a way to set up a ssh such that x.509 certificates signed by a pre-defined CA will ...
2
votes
2answers
159 views
How to secure a truecrypt container allowing access with multiple SSH public keys?
I would like to create a TrueCrypt container which can be accessed by multiple people. The container itself can be stored anywhere, e.g. in a shared folder in Dropbox or Google Drive, ...
I would ...
3
votes
2answers
130 views
What are the differences between ssh generated keys(ssh-keygen) and OpenSSL keys (PEM)and what is more secure for ssh remote login?
I have learned there are 2 methods to make SSH remote login easier and secure , those are;
ssh generated keys (using ssh-keygen)OpenSSH Keys
PEM (.pem) keys usually generated with OpenSSL (Amazon ...
1
vote
2answers
237 views
Is SSH2 still vulnerable to man-in-middle attacks?
With SSH using RSA public key authentication, can an attacker spoof the server IP address and connect with client to obtain client password?
0
votes
0answers
56 views
I need help configuring OpenSSH on Win2008 via CYGWIN [closed]
I need help configuring OpenSSH on Win2008 via CYGWIN!
THANKS in advance!
I am trying to configure an OpenSSH server on Windows Server 2008 Datacenter via CYGWIN. I have installed and configured ...
1
vote
1answer
464 views
SSH Bad Protocol Version Identification String- What is it?
I need some help identifying some Bad Protocol version identification errors from our server.
I've Googled the strings but not found much about it. We're getting the following:
sshd[xxxx]: Bad ...
1
vote
4answers
279 views
SSH: reusing public keys and known-man-in-the-middle
Usually, people recommend to use a single private-public key pair everywhere (if we're not talking about a possibility of compromising the private key):
Best Practice: “One per-user ssh key” or ...
12
votes
4answers
653 views
Attract Brute Force SSH Attacks
I posted a question on Server Fault, but got downvoted and had the question closed.
One of the comments suggested looking over here, so here goes:
For my senior project, I'm working on an ...
1
vote
2answers
259 views
how safe is a home NAS with ssh access?
I'm thinking about acquiring a NAS from Synology (or QNap), these are pretty cool NAS and do much more than just storing files.
Some extras include:
ssh, ftp, telnet, mail servers
photo gallery ...
2
votes
3answers
126 views
How to regain access to the server?
I have a Debian server with KVM available 24/7. It was recently broken into and its root password changed.
My hosting provider has restored my access and helped me change the password. But in the ...
3
votes
2answers
286 views
Disabling authentication via DSA keys in OpenSSH?
How can I disable DSA and ECDSA authentication on my server with OpenSSH 5.9? Sifting through the documentation material and doing a web search didn't yield any results - only an old bug report for ...
