How To Enable Two-factor SSH authentication via Google Authenticator
In this tutorial I'll show you how to set up two-factor authentication for SSH using Google Authenticator. Two-factor authentication is where you authenticate to a service (SSH in our case) with two pieces of information: one you know, and one you don't. The information you know is your password (which can be stolen) while the information you don't know is a randomly-generated PIN number that changes every few seconds. So even if your password is stolen, unless an attacker has the means to get the right PIN (tied to a hardware device), they cannot log into the protected service.
Print This Post
SSH Security: How To Block SSH Brute Force Attacks with SSHGuard
SSHGuard monitors logging activity and reacts to attacks by blocking their source IP addresses. sshguard has born for protecting SSH servers from the today's widespread brute force attacks, and evolved to an extensible log supervisor for blocking attacks to applications in real-time.
SSHGuard is given log messages in its standard input. By means of a parser, it decides whether an entry is normal activity or attack. After a number of attacks, the IP address is blocked with the firewall.
These are the available blocking backends:
- SSHGuard with PF (OpenBSD, FreeBSD, NetBSD, DragonFly BSD)
- SSHGuard with IP FILTER (FreeBSD, NetBSD, Solaris)
- SSHGuard with IPFW (FreeBSD, Mac OS X)
- SSHGuard with netfilter/iptables (Linux)
- SSHGuard with TCP wrappers / hosts.allow (almost any UNIX system)
Print This Post
How To Update all CentOS/RHEL servers remotely using a shell script
#!/bin/bash
#
# A simply shell script to update remote CentOS/RHEL servers
# You must have ssh public and private key installed. This will save a lot of time if you
# have many servers.
#
# by Adi https://blog.up-link.ro
# May 2010
# an array to store ssh commands for each server
hosts=(
"ssh root@192.168.1.1 yum update -y"
"ssh root@192.168.2.1 -p 2222 yum update -y"
"ssh adi@192.168.3.1 -t sudo '/usr/bin/yum update -y'"
)
# read the array and launch the ssh command
for sshcmd in "${hosts[@]}";do $sshcmd;done
Print This Post
SSH Security Tips – OpenSSH hardening security
In this article I'll show you some tricks to help you securing your OpenSSH service. Here you will find useful information on how to secure sshd and prevent ssh dictionary attack.
1. SSH security by tweaking sshd_config
The OpenSSH server configuration file is located in /etc/ssh/sshd_config. You need to restart sshd after every change you make to that file in order for changes to take effect.
- Change port number
Moving the SSH daemon off of port 22 protects you against automated attacks which assume that sshd is running on port 22.
Port 34912
- Allow only SSH protocol 2
Only SSH protocol version 2 connections should be permitted. Version 1 of the protocol contains security vulnerabilities. The default setting shipped in the configuration file is correct, but it's important to check.
Protocol 2
Print This Post
How To Set Up OpenSSH Public Key Authentication
Secure Shell or SSH is a network protocol that allows data to be exchanged using a secure channel between two networked devices. Used primarily on GNU/Linux and Unix based systems to access shell accounts, SSH was designed as a replacement for Telnet and other insecure remote shells.
Before we start, make sure your computer has a SSH client installed and the remote Linux system has SSH installed and sshd running.
1. Generating RSA key
You will need to generate the local RSA key by running the following command:
# ssh-keygen -t rsa
Print This Post
How To Access SAMBA shares through SSH in Linux
You can access Samba shares by using SSH tunneling. We need a host computer (x.y.z.w) and a destination computer (192.168.0.1, is located in the x.y.z.w network), we'll use adi as username and pass as password.
First we'll create a new mount directory:
# mkdir -p /mnt/share
Now we connect to it:
# ssh -N -L 139:192.168.0.1:139 adi@x.y.z.w
Now we have to run the following commands:
# umount /mnt/share
# mount -t smbfs -o username=adi,workgroup=WORKGROUP,password=pass,port=139,dmask=770,fmask=660,netbiosname=computer1 //localhost/share /mnt/share
x.y.z.w=computer's IP address
192.168.0.1=destination computer
adi=samba username
WORKGROUP=your workgroup
pass=password for the share
Print This Post
Subscribe
Calendar
| M | T | W | T | F | S | S |
|---|---|---|---|---|---|---|
| 1 | 2 | 3 | ||||
| 4 | 5 | 6 | 7 | 8 | 9 | 10 |
| 11 | 12 | 13 | 14 | 15 | 16 | 17 |
| 18 | 19 | 20 | 21 | 22 | 23 | 24 |
| 25 | 26 | 27 | 28 | 29 | 30 | |
Polls
Loading ...Quote of the day
- Mark Twain -
Recent Posts
- Ubuntu: How to install the Classic Desktop in Ubuntu 11.10 (Oneiric Ocelot)
- FreeBSD: How to set up an UPnP Internet Gateway Device (IGD) with MiniUPnP and FreeBSD 9.0
- Ubuntu: How to build and install Linksys AE1000 Wireless-N linux driver on Ubuntu 11.10
- FreeBSD: How to Install and Configure a PPTP VPN server with mpd5 on FreeBSD 8.2
- UNIX Tips: How to find broken symbolic links
Recent Comments
- on FreeBSD: How To Upgrade FreeBSD 7 to 8 Stable Release
- on FreeBSD: How to Install Adobe Flash in FreeBSD 8
- on How To Reset Keyring Password in Ubuntu
- on Ubuntu: How to build and install Linksys AE1000 Wireless-N linux driver on Ubuntu 11.10
- on FreeBSD: How to set up an UPnP Internet Gateway Device (IGD) with MiniUPnP and FreeBSD 9.0
Blogs
Links
Archives
- March 2012 (1)
- February 2012 (1)
- January 2012 (1)
- December 2011 (1)
- November 2011 (4)
- October 2011 (1)
- September 2011 (1)
- August 2011 (1)
- July 2011 (3)
- June 2011 (1)
- May 2011 (1)
- December 2010 (1)
- November 2010 (1)
- October 2010 (4)
- September 2010 (4)
- August 2010 (5)
- July 2010 (3)
- June 2010 (9)
- May 2010 (13)
- April 2010 (23)
- March 2010 (18)
- February 2010 (6)