[CentOS] Securing SSH
Ingemar Nilsson
init at kth.se
Tue Mar 25 17:46:43 UTC 2008
Tim Alberts wrote:
> I got keys setup so I know
> I'm talking to my server.
This is probably not what he meant. You can use a key pair to
authenticate with the SSH server and turn off password authentication
entirely. That makes password guessing attacks utterly impossible,
because the server will only accept a response signed with your private key.
ssh-keygen -t rsa
or
ssh-keygen -t dsa
generates a key pair. Do this on your local machine, and append the
contents of your $HOME/.ssh/id_rsa.pub (or id_dsa if you chose DSA
instead of RSA) to your $HOME/.ssh/authorized_keys file on the remote
system.
This method is somewhat more complicated to setup, since all users must
have public keys in their $HOME/.ssh/authorized_keys file, or they can't
login.
Regards
Ingemar
More information about the CentOS
mailing list