All Questions
36 questions
0 votes, 0 answers, 140 views
Using PasswordAuthentication yes in sshd config but password is not accepted during login
I tried to enable password authentication in CentOS 7 only for one user - auditor, by having these lines in my sshd.config (at the end of file):
PubkeyAuthentication yes
ChallengeResponseAuthentication ...
0 votes, 1 answer, 375 views
I used ssh-keyscan to automatically allow fingerprints in a production environment. Is it good?
Are there any options to revert the mentioned action? Will it cause any security breaches?
0 votes, 0 answers, 889 views
Disabling certain OpenSSH keys on OpenBSD: why the corresponding 'sshd_config' entries are ignored and why 'ssh-keygen -A' generates forbidden keys?
I am trying to achieve the following on my OpenBSD 6.9 servers:
Forbidding the use of all keys but the ssh-ed25519 one on both SERVER and CLIENT sides.
Limiting ssh-keygen -A to generate keys only ...
2 votes, 2 answers, 863 views
Password security of encrypted SSH private key: How to read round number or costfactor of bcrypt
Here https://security.stackexchange.com/a/52564 you can read that newer OpenSSH versions use bcrypt for protecting the keyfile. Security of bcrypt depends on the costfactor see https://security....
1 vote, 1 answer, 46 views
What is the appropriate way of migrating credentials to a new machine?
The title probably looks a little too vague, but I feel that if I give more information I might as well put the whole text into the title.
Today I have two droplets on DigitalOcean with SSH enabled ...
2 votes, 1 answer, 274 views
Can OpenSSH automatically disconnect session at end of cert-based key's valid period?
I'm aware of the ability to logout inactive SSH sessions after a period of time but leaving something like "top" open works around that.
This question is more in the context of forceful disconnects ...
-1 votes, 2 answers, 2k views
Access Denied to server linux SSH [closed]
I can't access the server using ssh user@IP with the right password. I get access denied even though the sshd config is set correctly. I restarted it, reloaded, nothing worked.
I generated an rsa key over ...
6 votes, 2 answers, 10k views
Restricting a ssh key to only allow rsync/file transfer?
I have 2 servers (A & B), and I need to rsync files from A to B as root. Allowing root ssh login is possible (PermitRootLogin without-password), but I'd like to lock it down as much as possible. I'...
6 votes, 4 answers, 3k views
How do you securely retrieve the ssh host keys from a google compute engine instance?
I want to update my ~/.ssh/known_hosts with the host key information for a newly created GCE instance. But I'm not sure how to securely retrieve that information.
I thought something like
gcloud ...
0 votes, 2 answers, 347 views
SSH Public Key Management for a small team
I'm setting up a deep-learning workstation in my college's lab. It's running Ubuntu Server 16.04 and I set up an SSH server in it, to control it remotely.
My task now is to make it available for my ...
3 votes, 1 answer, 4k views
ansible ssh connections with two factor auth
I'm setting ansible to manage a whole farm of servers. My approach is the following:
Allow a user to connect to all servers protecting his connections with a heavy RSA key, passphrase protected, and ...
1 vote, 1 answer, 2k views
Why can I ssh logon without key or password? How do I stop this?
I have just discovered I can log into my server as long as I provide a missing file to the ssh client!
What can I check to find out why and what can I change to stop this from happening?
Logging in ...
0 votes, 3 answers, 284 views
Re-using SSH keys
I just created a droplet on Digital Ocean and the documentation says:
If you do not already have an SSH key pair, which consists of a public and private key, you need to generate one. If you ...
6 votes, 2 answers, 18k views
Forced to change expired password when using ssh key
I am working in an environment where I have an account on multiple linux machines where accounts and passwords are managed independently (no active directory/LDAP/etc) and passwords expire every 30 ...
10 votes, 2 answers, 613 views
Method to deprecate SSH key Pair locally
I've been using my ssh-keys for a while. I'm thinking about upgrading my ssh key pair to a stronger encryption and I don't know all devices where my keys are registered.
Is it possible to "deprecate" a SSH ...
2 votes, 3 answers, 382 views
is it safe to exchange a systems server ssh-keys?
Instead of exchanging ftp/sftp credentials over email, is it safer to exchange a system's ssh-keys over email? If a person didn't have the physical ssh private file, would a hacker be able to gain ...
5 votes, 1 answer, 4k views
Git: expire ssh keys just like passwords expire?
I'm setting up git in a corporate environment. Git operations will be primarily through SSH using a single account with SSH keys used for access control. (http will be used for account configuration, ...
2 votes, 2 answers, 422 views
Restrict access to .ssh folder over network shares
I run a small server running Ubuntu Server 14.04 and have just noticed that the .ssh folder in the users home directory is accessible via SMB and NFS.
The SMB and NFS are both secured, however I ...
1 vote, 2 answers, 253 views
Ability to use SSH Key / PEM for web authentication in lieu of password protection?
I've been trying to figure out a way to lock down our dev site even more, and the idea came up that instead of using IP centric + Password protection, using something more akin to a PEM key, like I ...
1 vote, 1 answer, 177 views
Authorizing users to SSH into machine - where to configure?
Ubuntu Trusty here. I'm having some trouble deciding where in the system I should configure which users are to be allowed to ssh into the machine, and which keys they're allowed to use.
I've ...
2 votes, 3 answers, 199 views
To add security to SSH-keys from Man-in-middle-attacks [closed]
I would like to get Mobile-phone verification or something else besides the SSH-key verification.
How can you add defence to the SSH-keys?
2 votes, 2 answers, 791 views
Is it wise to use very secure password for sudo users when using SSH Keys for server login?
I am not asking how to do anything here, rather trying to understand best practices and the "right" way to handle server security. To prevent brute force password attacks, I have secured my server in ...
6 votes, 2 answers, 2k views
How to limit access to the private ssh key using SELinux policies?
I'm using Fedora distro - with its preinstalled SELinux policies. I want to limit unsecured access to my private keys in ~/.ssh folder - to prevent leaking by possible malware, that may run under my ...
0 votes, 1 answer, 397 views
Using authority-given .cer file to login on remote servers on OS X
A few months ago I bought a certificate from a popular certification authority (Certum). I used it to sign emails, but today the admin at my work asked me to connect to our main server via ssh. He ...
0 votes, 2 answers, 168 views
puppet enterprise node install - Security risk?
I am learning puppet and using this tool to install puppet clients on nodes.
puppet node install --login=root --keyfile=~/.ssh/id_rsa --install-script puppet-enterprise --installer-payload ~/puppet/...
3 votes, 1 answer, 865 views
SSH key-based authentication best practice
One of the security processes that we are thinking of changing is the way we allow users to access our servers. We have about 20 web servers where the only access is SSH and at the moment we use ...
1 vote, 2 answers, 101 views
Securing a remote LAMP server that uses Capistrano for Git deploys
I am deploying my Github repo to a Media Temple Grid Server using Capistrano. In order to do this, I've set up the following:
Enabled logging into the remote server with SSH keys (following this guide)...
11 votes, 2 answers, 873 views
What to do when someone logged as root on my server
I have a server running Debian 6.0 with logcheck installed.
Yesterday, I received this message:
Jan 19 19:15:10 hostname sshd[28397]: Authentication tried for root with correct key but not from a ...
1 vote, 2 answers, 270 views
prevent files modification from users: is this method safe?
I was wondering today if there was a way to enforce a non root user to have a specific authorized_keys file (among other sensible files). I came up with this solution.
Disable StrictModes in ...
3 votes, 1 answer, 136 views
Security issue with ssh on Debian server
I have set up Debian Squeeze on an old laptop to serve as a testbed. I have installed OpenSSH and edited /etc/ssh/sshd_config to use ssh keys and disallow password authentication.
I am able, however, ...
31 votes, 1 answer, 27k views
Only allow password authentication to SSH server from internal network
I have an OpenSSH 5.9p1 server running on Ubuntu Precise 12.04 which accepts connections from both the internal network and the Internet. I'd like to require public key authentication for connections ...
6 votes, 1 answer, 421 views
identifying ssh trusts between multiple servers on a network
The problem:
We have many dev/qa/prod RH/Solaris servers with many accounts having ssh trust between them, including between servers in different environments (prod->prod, but also qa->prod). I know ...
74 votes, 11 answers, 32k views
Why is SSH password authentication a security risk?
Most guides for OpenSSH configuration advise to disable password authentication in favor of key-based authentication. But in my opinion password authentication has a significant advantage: an ability ...
2 votes, 1 answer, 130 views
Most secure way to issue commands on ubuntu cluster with sudo'ing user?
This is sort of a follow-up question to an unanswered question I have regarding administration of Cloudera cluster, but I figure generalizing the question to all of Ubuntu may help me get an answer.
...
2 votes, 1 answer, 265 views
general ssh security - certificate authentication
I've used this article: http://developer.apple.com/library/mac/#documentation/MacOSXServer/Conceptual/XServer_ProgrammingGuide/Articles/SSH.html in order to help set up ssh certificates (I'm on mac os ...
5 votes, 5 answers, 4k views
How can I flush my ssh keys on power management activity?
Using ssh-agent and private keys per the usual. Everything's working as normal.
My question regards best practices on flushing keys from ssh-add on activity like sleep, suspend, hibernate, etc. I ...