Ssh
From LinuxReviews
SSH allows you to access remote machines and use them as if they were a local system.
It also allows you to easily copy files from one machine to the other:
scp localfile.tar.bz2 remoteuser@remotebox.tld:/path/to/placeit/
All KDE programs allow you to use remote SSH filesystems using KDE's fish in the file dialogs:
fish://username:password@host.box/some/path
...will allow you to open and edit remote files as if they were local.
SSH Tips
Use aliases
You can use aliases in .ssh/config to make your SSH experience easier. Add something like this:
Host alias1
    Hostname hostname
    User username
    # add extra options like authentication method, X11 forwarding, agent forwarding, private key to use and so on
This will allow you to do scp file.tar.bz2 alias1:/path or fish://alias1/some/path (and get a password prompt). Less typing - and works with bash completion too.
Major thanks to ScriptedReplay
Security Tips
- Run sshd on a different port. The scripts won't find you there. I don't like this option, because it requires me to specify the alternative port every time I ssh, scp, rsync, or svn. It's still about the easiest and most effective method.
- Limit the connection rate to the port you're running sshd on. In many scenarios, it won't hurt you if you can't connect to it more than once in 5 seconds, but this will make a dictionary attack from a single machine very tedious. In OpenBSD 3.7, you can use pf with max-src-conn-rate.
- Use a script like DenyHosts (http://denyhosts.sourceforge.net), Daemonshield (http://daemonshield.sourceforge.net) or ScanAssassin (http://erichendrickson.org/output/scanassassin/) to monitor your authentication log, and add suspicious hosts to a block list (either temporarily or permanently). This looks like a very nice solution to me.
- I got this one from my girlfriend: disable password authentication and use key-based authentication instead. This is my preferred solution, except that I have to solve some problems with public key authentication not working from some of the machines I use.
- Limit the number of connections allowed to the ssh port during short intervals using iptables.
Major thanks to inglorion
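The log-monitoring tip above, sketched as an added example (not code from the original page or from DenyHosts, Daemonshield or ScanAssassin): it counts failed password logins per source address inside a sliding time window and returns the addresses that cross a threshold. The function name, threshold, window, year default and sample lines are assumptions, and the pattern assumes the usual OpenSSH syslog line layout.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the usual OpenSSH syslog layout (not real log data).
SAMPLE_LOG = """\
Mar  3 10:00:01 box sshd[811]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  3 10:00:03 box sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Mar  3 10:00:06 box sshd[813]: Failed password for invalid user test from 203.0.113.7 port 40133 ssh2
Mar  3 10:02:00 box sshd[820]: Failed password for alice from 198.51.100.4 port 51000 ssh2
Mar  3 10:02:09 box sshd[820]: Accepted password for alice from 198.51.100.4 port 51000 ssh2
Mar  3 10:30:00 box sshd[901]: Failed password for bob from 192.0.2.9 port 33000 ssh2
Mar  3 11:45:00 box sshd[950]: Failed password for bob from 192.0.2.9 port 33400 ssh2
Mar  3 12:59:00 box sshd[990]: Failed password for bob from 192.0.2.9 port 33900 ssh2
"""

# Anchored at both ends, with a greedy user field, so the address taken is the
# one sshd appends at the end of the line, never text inside the user name.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?.* from (?P<ip>\S+) port \d+ ssh2$"
)


def hosts_to_block(log_text, threshold=3, window=timedelta(minutes=10), year=2024):
    """Return addresses with `threshold` failed logins inside one `window`."""
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    flagged = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m["ip"]))  # drop anything not an IP
        except ValueError:
            continue
        # syslog timestamps carry no year, so the caller supplies one
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        times = recent[ip]
        times.append(ts)
        while ts - times[0] > window:  # expire failures older than the window
            times.popleft()
        if len(times) >= threshold and ip not in flagged:
            flagged.append(ip)
    return flagged
```

On the sample, only 203.0.113.7 is returned: the single mistyped password from 198.51.100.4 and the three failures from 192.0.2.9 spread over hours stay under the threshold.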
Manual pages
External Links
- OpenSSH: OpenBSD's free SSH release