Ssh

From LinuxReviews
Jump to navigationJump to search

SSH allow you to access remote machines and use them as if they were a local system.

It allow allows you to easily copy files from one machine to the other:

scp localfile.tar.bz2 remoteuser@remotebox.tld:/path/to/placeit/

All KDE programs allow you to use remote SSH filesystems using KDE's fish in the file dialogs:

fish://username:passord@host.box/some/path

...will allow you to open and edit remote files as if they were local.

SSH Tips[edit]

Use aliases[edit]

You can use aliases in .ssh/config to make your SSH experience easier. Add something like this:

 Host alias1
     Hostname hostname
     User username
     [add extra options like authentication method, X11 forwarding, agent forwarding, private key to use and so on]

This will allow you to do scp file.tar.bz2 alias1:/path or fish://alias1/some/path (and get a password prompt). Less typing - and works with bash completion too.

Major thanks to ScriptedReplay

Security Tips[edit]

  • Run sshd on a different port. The scripts won't find you there. I don't like this option, because it requires me to specify the alternative port every time i ssh, scp, rsync, or svn. It's still about the easiest and most effective method.
  • Limit the connection rate to the port you're running sshd on. In many scenarios, it won't hurt you if you can't connect to it more than once in 5 seconds, but this will make a dictionary attack from a single machine very tedious. In OpenBSD 3.7, you can use pf with max-src-conn-rate.
  • Use a script like DenyHosts (http://denyhosts.sourceforge.net) or Daemonshield (http://daemonshield.sourceforge.net) to monitor your authentication log, and add suspicious hosts to a block list (either temporarily or permanently) or ScanAssassin (http://erichendrickson.org/output/scanassassin/). This looks like a very nice solution to me.
  • I got this one from my girlfriend: disable password authentication and use key-based authentication instead. This is my prefered solution, except that I have to solve some problems with public key authentication not working from some of the machines I use.
  • Limit the number of connections allowed to the ssh port during short intervals using iptables.

Major thanks to inglorion

Manual pages[edit]

External Links[edit]