Topic: Episode 37 - SSH (Read 9064 times)

Chess
Administrator
Posts: 1069
In this episode: Linux Reality server move; my initial impressions of the Release Candidate of Ubuntu Edgy Eft; a discussion of OpenSSH with an emphasis on ssh, scp, ssh-keygen, public/private key authentication, and dynamic port forwarding (additional link to PuTTY, a Windows SSH client); a Listener Tip on the Flock web browser; listener feedback. http://www.linuxreality.com/podcast/episode-37-ssh/
« Last Edit: October 23, 2006, 09:02:06 PM by Chess »

Halitech
Um, wow, wait a minute. This episode's not supposed to be out for a few days yet. What's up with throwing my listening schedule off? Never mind, I'll enjoy it in the morning on the way to work.

Chess
Administrator
Posts: 1069
Heh, yeah, just a little surprise. Enjoy!

Halitech
I enjoy them all and can't wait till you start doing 2 shows a week (hint hint)

dwmoar
Newbie
Posts: 12
You spoke about changing the port number of ssh to something besides port 22. Though this might stop some of the casual thugs from trying to crack your system, it isn't that hard to scan and find out the port that you have chosen to move ssh to. Another way would be to use a program called DenyHosts, which scans the auth.log file and then adds all IP(s) that scan your ssh to the hosts.deny file. Their website is http://denyhosts.sourceforge.net/. It is extremely easy to configure and can be configured to suit almost any needs or wants.
« Last Edit: October 23, 2006, 09:56:53 PM by dwmoar »

Chess
Administrator
Posts: 1069
Quote from dwmoar: You spoke about changing the port number of ssh to something besides port 22. Though this might stop some of the casual thugs from trying to crack your system, it isn't that hard to scan and find out the port that you have chosen to move ssh to. Another way would be to use a program called DenyHosts, which scans the auth.log file and then adds all IP(s) that scan your ssh to the hosts.deny file. Their website is http://denyhosts.sourceforge.net/. It is extremely easy to configure and can be configured to suit almost any needs or wants.
Very true. I was not trying to cover hardening a server in-depth, but just an easy change to deter most scripted attempts. I have used the brute force detection script to populate /etc/hosts.deny in a similar fashion, but have not checked out the DenyHosts script. It looks really great -- thanks for pointing it out. I am definitely going to check it out.
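Added example, not part of any post in this thread and not DenyHosts' own code: the approach discussed above (scan auth.log for failed ssh logins, then write the offending addresses to hosts.deny) in a few lines of Python. The log lines are constructed, the function names, threshold and allow list are assumptions, and it handles IPv4 sources and password failures only.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the format sshd writes to auth.log (documentation addresses).
SAMPLE_LOG = """\
Oct 23 21:40:01 host sshd[4101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Oct 23 21:40:03 host sshd[4101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Oct 23 21:40:05 host sshd[4103]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Oct 23 21:41:10 host sshd[4110]: Failed password for invalid user a from 192.0.2.10 port 1 ssh2 from 198.51.100.9 port 50000 ssh2
Oct 23 21:42:00 host sshd[4120]: Accepted publickey for chess from 198.51.100.9 port 50311 ssh2
Oct 23 21:43:00 host sshd[4125]: Failed password for chess from 192.0.2.44 port 50320 ssh2
"""

# The user name is client-supplied text, so the address is taken only from the
# fixed tail sshd appends ("from ADDR port N ssh2" at the end of the line).
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2$")


def failed_sources(log_text):
    """Count failed password attempts per validated IPv4 source address."""
    counts = Counter()
    for line in log_text.splitlines():
        match = FAILED.search(line)
        if not match:
            continue
        try:
            addr = ipaddress.IPv4Address(match.group(1))
        except ValueError:
            continue  # not a literal IPv4 address; never write it to hosts.deny
        counts[str(addr)] += 1
    return counts


def hosts_deny_entries(log_text, threshold=3, allow=()):
    """Return hosts.deny lines for sources at or above threshold, minus the allow list."""
    allowed = {str(ipaddress.IPv4Address(a)) for a in allow}
    return [f"sshd: {ip}" for ip, n in sorted(failed_sources(log_text).items())
            if n >= threshold and ip not in allowed]


if __name__ == "__main__":
    print("\n".join(hosts_deny_entries(SAMPLE_LOG, allow=["198.51.100.9"])))
```

The allow list keeps a mistyped password from your own address from locking you out, and anchoring the pattern to the end of the line keeps text inside the user name field from being read as the source address.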

Chess
Administrator
Posts: 1069
Quote from Halitech: I enjoy them all and can't wait till you start doing 2 shows a week (hint hint)
My wife would kill me.

Halitech
I'm hoping it's just me, but I tried to use Amarok to download the latest episode but for some reason it won't grab it, doesn't see any new episodes. Link works fine from the front page though. Just letting you know.

Chess
Administrator
Posts: 1069
Quote from Halitech: I'm hoping it's just me, but I tried to use Amarok to download the latest episode but for some reason it won't grab it, doesn't see any new episodes. Link works fine from the front page though. Just letting you know.
No, I don't think it's you. The main feed is not updating. The Ogg feed updated ok, but for some reason the other one didn't. I will need to investigate...

thelastknowngod
Global Moderator
Posts: 2185
Ahh yes, I was just going to post that iTunes wasn't pulling it down either.

Chess
Administrator
Posts: 1069
Ok, I got it fixed. Thanks for letting me know.

Drinkman
Newbie
Posts: 10
Chess, just wanted to say great episode on ssh, now I have a good understanding of ssh and how to use it. Thanks for the great podcast.

jza
I always wonder about how secure it is to hold tunneling. Most token rings apply when you have a blank password. There is an issue since there is no authentication.
On another ssh topic, I have read an article on ControlMaster at linux.com and I think there is a great benefit to learn about this because it allows you to manage multiple connections to a machine in a more robust and organized way. http://www.linux.com/article.pl?sid=06/05/19/145227
This article is really great because you just need to edit your configuration file and type:
    Host *
        ControlMaster auto
        ControlPath ~/.ssh/master-%r@%h:%p
Note that the ControlPath expansion of the remote name (%r), host (%h), and path (%p) only works with OpenSSH 4.2 or newer. Then run the primary connection like this:
    ssh -M -S ~/.ssh/remote-host user@remotehost
and then for additional connections you type:
    ssh -S ~/.ssh/remote-host user@remotehost
This will speed up your authentication process.
Alexandro Colorado OpenOffice Spanish Co-lead