Using multiple SSH private keys
I did some postings last year about SSH and making keys and how to move them to systems you are working with. What if you need to do this in reverse? You are the person setting up a system for others to work with and you want to pass the private key to the users. An example of this is Amazon’s EC2 setup where you get the private key to be able to log in to the VMs you make.
Setting up a remote Git repository
I've been trying to use Git more and more to help me learn it. My first step was using it for the pre on this blog but I have also been using it on some small projects I've been working on for myself. Git works just fine locally and is still able to use all the features it has, but to really take advantage of Git you need to set up a remote repository, and here is how to do it.
Stopping SSH Brute Force attacks on Linux
From my other posting “Stopping SSH Brute Force attacks with PF on FreeBSD” I’ve been getting a good number of hits from people searching on how to stop SSH Brute Force attacks but on Linux and not FreeBSD, so I kind of feel the need to make a posting on this for the Linux people. I also just set up a Fedora 13 server on Rackspace’s Cloud and I wanted to ensure I could stop SSH Brute Force attacks.
Stopping SSH Brute Force attacks with PF on FreeBSD
Most people know that port 22 is used for SSH communication and due to this common knowledge, you get people using scripts to test for weak passwords. If you look into your /var/log/auth.log and you see tons of fails/errors from users not on your system or from invalid passwords for root, it means you have people trying to break into your system. Truthfully, anyone that puts a system online with port 22 open will see this happen to them.
Setting up a SFTP Only user on FreeBSD
Sometimes it’s nice to be able to share files with other people. There are many sites online where you are able to do this, but you are limited by size, type of file, or a lack of security. SFTP gives you the ability to transfer files from your server securely. Users that have SSH access can start using SFTP right away with applications like WinSCP. You don’t want to give people full access to your system, so this is where SFTP-only users come into play.
Still Alive: Keeping your SSH alive
“This was a triumph.”
If you find your SSH connections dropping or locking up after not being used for some time you may want to try to edit your ssh_config (/etc/ssh/ssh_config) file and uncomment/add in the line ServerAliveInterval 30. The number is in seconds.
What this will do is send a small ‘keep-alive’ packet to the server to ensure you don’t get dropped.
Why is this happening? It could be settings on the server that drop users after a set time of inactivity, or a firewall/switch rule that drops inactive connections to improve the performance of the network.
Down the Rabbit Hole: SSH Tunneling
SSH is one of my favorite tools on a Linux/Unix system. There is so much you can do, from copying files to tunneling data securely. SSH is a great way to get access to your system at home, but also access to your network. Let’s go over some things about SSH tunneling and why it’s good to use!
Basic Idea: The idea of tunneling is to give you a secure way to pass data from one point to another.
Making and using SSH Keys
Ok, let’s start with something easy! :)
What are SSH keys: SSH keys are a way to allow someone access to a user on another system without the need for a password. This is done with 2 key files, one that is public and the other private. This is called “Public-key cryptography”. The public key will be sent to the server that you want to connect to and the private key will stay on your local (or client) system.