Mailinglist Archive: opensuse (1570 mails)

Re: [opensuse] Coordinated, distributed ssh attacks?
  • From: Per Jessen <per@xxxxxxxxxxxx>
  • Date: Mon, 05 Oct 2009 08:50:55 +0200
  • Message-id: <hac50f$b4k$1@xxxxxxxxxxxxxxxx>
David C. Rankin wrote:

> On Sunday 04 October 2009 03:52:59 am Per Jessen wrote:
>> I'm still considering moving to the no-password-login setup as Hans
>> Witvliet suggested. It's clearly the optimal solution, I'm just a
>> little concerned about the management when each server needs to
>> "know" about (need to have the key) each possible client.
>
> That's the best part about it. On each host, just do
>
> cd ~/.ssh
> ssh-keygen -t dsa
> cp id_dsa id_dsa.hostname
>
> do the same thing for root but append an r to the end of the names

Hi David

thanks, I'll have to take a closer look now. I do understand the
process, I've got a couple of dedicated users operating only with
challenge-response (for automated tasks).
I guess the main reason I'm a little concerned is that seen from an ssh
pov, I've got 13 external servers/clients and 10-12 local
clients/servers. Times 4 users who at times will need the access.
Yes, local workstations have a shared /home, but production systems
don't, nor do the external systems.

Hmm, I've just been reading a bit about ssh agent forwarding - that
might just solve part of my issue. I was thinking of the following
scenario: user-1 on client-1 connects to server-1. Does some stuff, then
needs to rsync something from server-2 or client-4 - as long as
user-1@client-1 is allowed access to server-2 or client-4, will it
still work (via this ssh agent forwarding setup)?


Per Jessen, Zürich (9.6°C)
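
As an added illustration (not part of the original message), this Python sketch models the scenario described above and lists which public keys each target host must carry in authorized_keys, with and without ssh agent forwarding. The `PATHS` data and all function names are constructed for this example.

```python
# Added example: models key-based logins along a chain of hosts.
# Host names and users are constructed from the scenario in the message.

def key_id(user, host):
    """Label for the key pair that `user` keeps on `host` (one pair per host)."""
    return f"{user}@{host}"

def required_keys(paths, forwarding):
    """Map each target host to the public keys its authorized_keys must list.

    Without forwarding, each hop is authenticated by the private key stored
    on the previous host. With agent forwarding, every hop is signed by the
    agent running on the first host, so only that key is ever presented.
    """
    need = {}
    for user, chain in paths:
        for prev, target in zip(chain, chain[1:]):
            origin = chain[0] if forwarding else prev
            need.setdefault(target, set()).add(key_id(user, origin))
    return need

def private_key_hosts(paths, forwarding):
    """Map each user to the hosts that must store one of their private keys."""
    hold = {}
    for user, chain in paths:
        hosts = chain[:1] if forwarding else chain[:-1]
        hold.setdefault(user, set()).update(hosts)
    return hold

# user-1 on client-1 logs in to server-1, then rsyncs from server-2 or client-4.
PATHS = [
    ("user-1", ["client-1", "server-1", "server-2"]),
    ("user-1", ["client-1", "server-1", "client-4"]),
]

if __name__ == "__main__":
    for fwd in (False, True):
        print(f"agent forwarding: {fwd}")
        for host, keys in sorted(required_keys(PATHS, fwd).items()):
            print(f"  {host}: authorized_keys lists {sorted(keys)}")
        for user, hosts in private_key_hosts(PATHS, fwd).items():
            print(f"  private keys of {user} stored on {sorted(hosts)}")
```

With forwarding the private key stays on client-1 only, but while the session is open anyone with root on server-1 can ask the forwarded agent to sign on user-1's behalf, so forwarding is best enabled only towards hosts trusted to that degree.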
