Disable SSH Password Authentication for added security.

A while ago I wrote a bit about Shared Key Authentication for SSH and discussed some of the benefits of enabling it on your own servers or even desktops, one of which is protecting your server against brute force attacks. However, we never discussed that for your system to be truly protected from a brute force attack on your password, you need to disable password authentication on your server. Before attempting this, make sure that your keys work: if you’re configuring your server remotely and you disable password authentication, you will lock yourself out. Once you are sure that you can log into the remote host using your private key, we can safely disable user name/password authentication.

The procedure to set this up is extremely simple. I’ll be showing you this on an Ubuntu Server install with OpenSSH, but the procedure is similar on other setups. On an Ubuntu server the file is located at /etc/ssh/sshd_config. You’re going to want to add the following to the config file (or change the values if they already exist).

ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no

Once you save the changes you’ll need to reload the SSH server with the following command.

Update 07/17/2012: Thanks to a reader who pointed out something I missed. Ensure you’ve enabled public key authentication. I’ve noted that most often this is enabled by default, but if it’s not YOU WILL lock yourself out. Ensure the following is set in your configuration.

PubkeyAuthentication yes

And then reload the SSH Service.

User@Host:~$ sudo /etc/init.d/ssh reload

That’s it, your server should no longer accept user name/password authentication.
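The check below is an added example, not part of the original post: sshd uses the first value it finds for each keyword, so a "PasswordAuthentication no" appended below an existing "yes" has no effect. The function names and the two sample files are constructed for illustration, and Include files and Match blocks are not evaluated.

```shell
#!/bin/sh
# Added example: plain-text check of the global section of an sshd_config.
# Assumption: Include files and Match blocks are not evaluated.

# Print the value sshd would use for KEYWORD: the first one in the file wins.
effective_value() {  # usage: effective_value FILE KEYWORD DEFAULT
    awk -F'[ \t=]+' -v want="$2" -v dflt="$3" '
        { sub(/^[ \t]+/, "") }              # drop indentation, re-split fields
        /^#/ || NF == 0 { next }            # comments and blank lines
        tolower($1) == "match" { exit }     # global section ends here
        tolower($1) == tolower(want) { val = tolower($2); found = 1; exit }
        END { print (found ? val : dflt) }
    ' "$1"
}

# Return 0 only if password logins are off and key logins are on.
check_key_only() {  # usage: check_key_only FILE
    rc=0
    # keyword:default-when-absent (upstream OpenSSH):required-value
    for spec in PasswordAuthentication:yes:no \
                ChallengeResponseAuthentication:yes:no \
                PubkeyAuthentication:yes:yes; do
        key=${spec%%:*}; rest=${spec#*:}
        got=$(effective_value "$1" "$key" "${rest%%:*}")
        if [ "$got" != "${rest#*:}" ]; then
            echo "FAIL: $key is effectively '$got'" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample files (not taken from a real server).
tmp=$(mktemp -d)
# bad: the new lines were appended below an existing "yes", so they lose.
printf '%s\n' 'Port 22' 'PasswordAuthentication yes' '#PubkeyAuthentication yes' \
    'ChallengeResponseAuthentication no' 'PasswordAuthentication no' \
    'UsePAM no' > "$tmp/bad"
# good: the existing value was changed in place.
printf '%s\n' 'Port 22' 'passwordauthentication no' 'PubkeyAuthentication yes' \
    'ChallengeResponseAuthentication no' 'UsePAM no' > "$tmp/good"

for f in bad good; do
    if check_key_only "$tmp/$f"; then echo "$f: key-only"; else echo "$f: NOT key-only"; fi
done
```

On the server itself, sshd -t checks the file for syntax errors and sshd -T prints the effective configuration; run both before reloading, and keep your current session open until a second key-based login succeeds.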

 


Shared Key SSH Authentication

If you’re like me, you find yourself connecting to the same servers 15-20 times a day. Why not set up Shared Key Authentication? It makes establishing an SSH connection much easier but also makes setting up scripting much easier as well.

However, before skipping on down to the instructions, please make note of the following. If you run 20 servers and allow all 20 servers to use Shared Authentication to communicate with all other 20 servers, and just ONE of those servers gets compromised, all your servers are now compromised.

One way to help avoid this is to disable password authentication altogether; brute force hacking attempts on your password are then rendered useless.

It’s a fairly good idea not to overuse Shared Keys.

For example, given the situation above, is it really necessary for all 20 machines to communicate with all the other machines? Only allow machines to trust other machines if they really need to.

Also, it’s a very good idea NOT to allow the root user the ability to use Shared Key Authentication. It’s better to connect using a normal account and set up the root from there.

With the preliminaries out of the way, let’s get down to business. This is actually VERY easy to set up.

Let’s say you have two servers that you want to trust each other. To keep things simple, let’s name them Bart and Lisa. We’ll say I have an account on both machines called Brandon.

Here’s how you start:

brandon@bart:~$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/brandon/.ssh/id_rsa): [enter]
Enter passphrase (empty for no passphrase): [enter]
Enter same passphrase again: [enter]
Your identification has been saved in /home/brandon/.ssh/id_rsa.
Your public key has been saved in /home/brandon/.ssh/id_rsa.pub.
The key fingerprint is:
55:44:80:bb:df:e8:db:2e:fe:fb:bf:aa:c5:c2:c4:0f

OK, when it asks you where to save the file, just accept the default and hit enter. Do the same when prompted for a passphrase. If you don’t do this, you’ll have to enter a password every time you use the key pair and void the entire reason we’re setting this up. =)

Fortunately, that was the hardest part.

Your next step will be to get the public key over to the server, named Lisa, that we are connecting to. You can do this pretty much any way, but I just scp’d it over.

brandon@bart:~$ scp .ssh/id_rsa.pub lisa:.ssh/authorized_keys

Now the above will only work if Lisa is on the local network, otherwise you’ll want to replace Lisa with the server’s IP address, like so:

brandon@bart:~$ scp .ssh/id_rsa.pub 1.1.1.2:.ssh/authorized_keys

That’s it. Now let’s try to SSH over.

If you did everything right, you shouldn’t be prompted for a password when you SSH over to Lisa from Bart:

brandon@bart:~$ ssh lisa

or…

brandon@bart:~$ ssh 1.1.1.2

and you should be presented with:

brandon@lisa:~$

Now that’s cool.

Also note that this is a one way trust. Meaning Lisa trusts Bart to connect to her, but Bart still doesn’t trust Lisa. If you want to establish a two way trust, simply repeat the same instructions the other way around.
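The scp command above replaces whatever is already in Lisa's authorized_keys. The function below is an added example, not part of the original post, and is meant to run on the receiving host: it appends a key without removing existing ones and sets the directory and file permissions. The function name, paths and key strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: append a public key to authorized_keys without replacing
# keys that are already there. All paths and keys below are constructed.

install_pubkey() {  # usage: install_pubkey PUBKEY_FILE TARGET_HOME
    pub=$1; dir=$2/.ssh; auth=$dir/authorized_keys
    # Accept exactly one line of the form "<type> <base64> [comment]".
    [ "$(grep -c '' "$pub")" -eq 1 ] || { echo "expected one key line" >&2; return 2; }
    read -r type blob comment < "$pub" || true
    case $type in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-*) ;;
        *) echo "unrecognised key type: $type" >&2; return 2 ;;
    esac
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) echo "key body is not base64" >&2; return 2 ;;
    esac
    # sshd's StrictModes (default yes) checks ownership and modes of these paths.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # Idempotent: compare type and key body, ignore the comment.
    if grep -qF -- "$type $blob" "$auth"; then
        echo "already present"; return 0
    fi
    # Do not glue the new key onto an unterminated last line.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then echo >> "$auth"; fi
    printf '%s\n' "$type $blob${comment:+ $comment}" >> "$auth" && echo "added"
}

# Constructed demo: the target already trusts another key; both blobs are fake.
home=$(mktemp -d)
mkdir -p "$home/.ssh"
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5CONSTRUCTEDOTHER admin@laptop' \
    > "$home/.ssh/authorized_keys"
echo 'ssh-rsa AAAAB3NzaC1yc2ECONSTRUCTEDSAMPLE brandon@bart' > "$home/bart.pub"
install_pubkey "$home/bart.pub" "$home"     # prints: added
install_pubkey "$home/bart.pub" "$home"     # prints: already present
```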

If you have any questions regarding this process please feel free to leave a comment and I’ll do my best to answer your question.


How do I turn my iMac Screen off!?!?

I noticed quite a few threads out there of people asking how to turn off the screen on the iMac while leaving the system on. I also noticed quite a few people having no clue how to help those asking this question.

Well, the answer is actually pretty simple, and I’m here to reveal it to all.

  • First, bring up your System Preferences screen (Apple > System Preferences).
  • Next, bring up the Desktop & Screen Saver options under Personal.
  • Now click the “Hot Corners…” button on the lower left side of the screen.
  • Here you can select a corner of the screen and select “Sleep Display” on that corner.

I have my system set up to put the screen to sleep when I move the mouse into the bottom right, and activate the screen saver when I move it into the bottom left. Now if only I could find a way to put the display to sleep via an AppleScript.


K2 Back!

K2 is back, but is RC5 out? Nope. I did a bit of research and discovered that the reason K2 was not working with WordPress 2.5 was actually the fault of the new WordPress 2.5 dashboard. While the new Dashboard is pretty impressive, it now uses widgets.

Herein lies the problem: K2 blocks the WordPress widgets to instead use its built-in sidebar. Now, I love this sidebar, so the solution to getting K2 to function is to disable its ability to block widgets when displaying the admin screen. This can be done by modifying the widgets-removal.php located in:

wp-content/themes/k2b/app/includes

Simply update the entire contents of that file to the following.

I’ve also noticed that in a few cases you will still receive errors when trying to view the admin panel. I was able to solve this by renaming the k2 directory to something different, k2b for example, then reactivating K2 under the themes section of the admin control panel.


iTunes, and Smart Playlists

As I promised in my last post, here’s a quick walk-through on creating your own Smart Playlists for iTunes.

This is handy if you have an iPhone, but your music library is larger than 8Gigs. It works just as well with a Nano or any iPod smaller than your collection.

Your first step is to select “New Smart Playlist…” from the File Menu.

This will bring you to a new window with several options. Next you’re going to want to make some selections.

For this example, I’m creating a playlist that contains the music I’ve listened to over the past 2 weeks. This playlist is real handy when you’re out and you want to listen to a song that came up in iTunes last night while you were home.

Assuming you sync’d your device before you left that is.

This Smart Playlist will contain that song, as well as everything else you’ve listened to over the past 2 weeks.

Another handy feature available allows you to limit the playlist to a fixed size, if you don’t want to fill up the entire device. Because I store movies and other goodies on my iPhone too, I have this list capped at 1Gig. (I’ll display my settings for this playlist later.)

For this next drop down option, you’re going to want to select “is in the last” and then enter 1 month, 2 weeks, or whatever time frame you want this list to go backwards.

In the example image I used 1 month. For my own playlist, I use 2 weeks.

Finally, be sure that you have the “Live Updating” box checked. This ensures the playlist updates in real time. If you leave this box unchecked, it builds a static playlist that meets the criteria.

However, when you listen to new music, it doesn’t update the playlist. Instead it stays exactly the same as when it was created.

Live updating allows it to constantly update based on the music you’ve listened to recently.

That’s it! You have just created a simple Smart Playlist using iTunes. Here are the settings for the playlist I use.

I have a few more options set in order to prevent my audio books and podcasts from appearing in this playlist. I use separate playlists to sync that content over.
