sshd_config security

Hi, I want to know if there is a possibility for someone to enter my PC
using ssh if I restrict it only to my user and add the line
PasswordAuthentication No to my sshd_config file?


VampirD

Microsoft Windows is like air conditioning
Stops working when you open a window.

Theoretically, yes, it’s called “exploit”.

Yes, if they use an authentication mechanism that does not involve
passwords (such as keys, which are automatically enabled but not
automatically generated so you would need to set it up still).

Good luck.

On 03/16/2010 12:26 PM, VampirD wrote:
> Hi, I want to know if there is a possibility for someone to enter my PC
> using ssh if I restrict it only to my user and add the line
> PasswordAuthentication No to my sshd_config file?
>

Damn. Well, I changed the default port, limited the connections to one,
only accept one user, deny root access, deny password authentication,
use only SSH 2. Is there any additional restriction you would suggest to
secure it more?


VampirD


On 03/16/2010 02:00 PM, VampirD wrote:
> Damn. Well, I changed the default port, limited the connections to one,
> only accept one user, deny root access, deny password authentication,
> use only SSH 2. Is there any additional restriction you would suggest to
> secure it more?

Yes. Set the keys. See http://linuxproblem.org/art_9.html for details. The only
insecurity will be if someone steals your computer.

Considering the linked tutorial, not using a passphrase (for the keys themselves) is a very bad idea IMHO.

For convenience, there is still ssh-agent and ssh-add, so you only need to enter your passphrase once per session.
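
An added example, not written by any poster in this thread and not OpenSSH code: a small Python audit of an sshd_config against the restrictions listed above (non-default port, no root login, no passwords, a single allowed user, protocol 2, keys enabled). It also checks keyboard-interactive authentication, which can still prompt for a password through PAM after PasswordAuthentication is set to no. The sample file, the user name alice and the assumed upstream defaults are constructed for illustration.

```python
# Added example. Defaults are upstream OpenSSH values (assumption: your distro may differ).
DEFAULTS = {"port": "22", "passwordauthentication": "yes", "pubkeyauthentication": "yes",
            "kbdinteractiveauthentication": "yes", "permitrootlogin": "prohibit-password"}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
# Constructed sample: the thread's restrictions, with one gap left open.
SAMPLE = """\
Port 2222
Protocol 2
PermitRootLogin no
passwordauthentication no
PasswordAuthentication yes
ChallengeResponseAuthentication yes
AllowUsers alice
"""

def parse_global(text):
    """Collect {keyword: [values]} from the global section (before any Match)."""
    cfg = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":
            break  # Match blocks are conditional overrides, not audited here
        cfg.setdefault(key, []).append(parts[1].strip() if len(parts) > 1 else "")
    return cfg

def audit(text):
    """Return findings for the restrictions discussed in the thread."""
    cfg = parse_global(text)
    # sshd uses the first value it reads for a keyword; later duplicates are ignored.
    first = lambda k: cfg.get(k, [DEFAULTS.get(k, "")])[0].lower()
    findings = []
    if "22" in cfg.get("port", ["22"]):
        findings.append("listening on default port 22")
    if first("passwordauthentication") != "no":
        findings.append("password authentication enabled")
    if first("kbdinteractiveauthentication") != "no":
        findings.append("keyboard-interactive enabled (PAM can still ask for a password)")
    if first("permitrootlogin") != "no":
        findings.append("root login not fully denied")
    if first("pubkeyauthentication") != "yes":
        findings.append("public key authentication disabled")
    if len(" ".join(cfg.get("allowusers", [])).split()) != 1:
        findings.append("AllowUsers does not name exactly one user")
    if "protocol" in cfg and first("protocol") != "2":
        findings.append("Protocol is not restricted to 2")
    return findings
```

On a live host, `sshd -T` prints the effective configuration, including defaults, and its output can be passed to `audit()` the same way.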

Ok, thanks, I’m feeling a little paranoid today


VampirD


What’s the goal, exactly? If it’s to prevent access via SSH just disable
SSH and block the port. If it’s to just allow you then you’re on the
right track.

Good luck.

On 03/16/2010 01:23 PM, VampirD wrote:
> Ok, thanks, I’m feeling a little paranoid today
>

The goal is to only allow me.


VampirD
