[NBLUG/talk] FOLLOW-UP: I'm getting ssh scanned! Should I be worried?
Augie Schwer
augie.schwer at gmail.com
Fri Oct 22 22:24:19 PDT 2004
On Mon, 18 Oct 2004 11:28:36 -0700, Dave Sisley <dsisley at arczip.com> wrote:
> Then I generated some ssh key pairs on my home machine and the laptop
> I usually log in from (as well as on my sonic shell account - see more
> below).
> My only hesitation was that setting up ssh this way would prevent me
> from logging in to my home box from some machine when I hadn't put the
> public key from that remote machine into the authorized_keys2 file of
> my home machine.
You don't have to create all these key pairs if you don't want to.
One key pair would suffice.
Just create one key pair; keep the private key only on trusted
machines and upload the private key to the servers you want
to log on to.
> To work around this issue, I figured out a scheme (which you are all
> encouraged to critique). Since I have shell access at sonic, I just
> set up a key pair between that server and my home box. So, when I'm
> at school or anywhere else, I can log in to my sonic account with a
> password and then reach my home machine from there. I also considered
> Frank's suggestion to carry my home key with me on a floppy (or other
> medium), but I knew I would forget to lug it around.
Frank is absolutely right; do not ssh from un-trusted machines, and
do not keep your private keys on un-trusted machines.
> I'd also like to use a non-standard port for ssh, but I've run into
> some confusion; I must be missing something. I thought that all I
> need to do is edit sshd_config so that the daemon is listening on the
> new port:
> #Port 22
> Port <some really high number, above 1024>
> Now restart sshd.
> Then, when I log in from a remote box, I just need to tell ssh to use
> that new port number:
> ssh -p <really high number> me@my.home.machine
> Unfortunately, I get a 'connection refused' message. I even tried
> regenerating the keys on the remote box and rebooting my home machine
> (in case some service other than sshd needs restarting).
> Anybody know what I'm missing?
That's all it should take. Does it work when you change it back to the
standard port?
What does ssh -v me@my.home.machine say?
Augie.
--
Registered Linux user #229905
GPG Public Key: http://www.schwer.us/schwer.asc
Key fingerprint = 9815 AE19 AFD1 1FE7 5DEE 2AC3 CB99 2784 27B0 C072
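A check for the 'connection refused' symptom discussed in this message, as an added example that is not part of the original thread: it reads the active Port lines from an sshd_config and reports any configured port that has no TCP listener. The function names, the sample config and the sample listener table are constructed for illustration, and port 2222 is a placeholder for the port number the thread leaves unspecified.

```shell
#!/bin/sh
# Added example (not from the thread): find sshd ports that are configured
# but have no TCP listener, the usual cause of "connection refused".

# Active Port values from sshd_config text on stdin. Comments such as
# "#Port 22" are ignored; sshd falls back to 22 when no Port line is set.
configured_ports() {
    awk '{ sub(/#.*/, "") }
         tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; found = 1 }
         END { if (!found) print 22 }'
}

# Listening TCP ports from `ss -tln` output on stdin (column 4 is
# Local Address:Port; the port follows the last colon).
listening_ports() {
    awk '$1 == "LISTEN" { n = split($4, a, ":"); print a[n] }' | sort -un
}

# check_ports CONFIG_FILE SS_OUTPUT_FILE
# One line per configured port; returns 1 if any port has no listener.
check_ports() {
    listeners=$(listening_ports < "$2")
    status=0
    for port in $(configured_ports < "$1"); do
        if printf '%s\n' "$listeners" | grep -qx "$port"; then
            echo "port $port: listening"
        else
            echo "port $port: configured, no listener"
            status=1
        fi
    done
    return "$status"
}

# Constructed sample data: config moved to port 2222 (a placeholder), but
# the listener table still shows the old daemon bound to 22.
SAMPLE_CONFIG=$(mktemp) SAMPLE_SS=$(mktemp)
cat > "$SAMPLE_CONFIG" <<'EOF'
#Port 22
Port 2222
EOF
cat > "$SAMPLE_SS" <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      128             [::]:22           [::]:*
EOF
check_ports "$SAMPLE_CONFIG" "$SAMPLE_SS" || true
```

On a live host, save the output of `ss -tln` to a file and pass it with `/etc/ssh/sshd_config`. A port reported as listening locally but still refused from outside points at a firewall or router between the two machines rather than at sshd.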