[sllug-members]: How does one properly implement OpenSSH?
Nathan Lane
nathamberlane at gmail.com
Tue Mar 25 07:56:31 MST 2008
That does help - thank you. I understand that security through obscurity is
a debatable method of security, and that it may give a false sense of
increased security. I want to set it up in order to manage my server
remotely. If my users are local users and not domain users, what is the
proper way to set them up? I've had difficulty because my user name seems to
be two words separated by a space, and logging in like
ssh localhost -l "Nathan Lane"
didn't seem to work. That's why I'm here now. Maybe I need to fix my user
name first? The password file seems to contain both my workgroup and
correct username though. But I didn't see a specific switch for
workgroup/domain, so I tried
ssh localhost -l "workgroup\Nathan Lane"
and that didn't work either. I haven't tried the key thing yet though...
On Tue, Mar 25, 2008 at 8:47 AM, Jeff Schroeder <jeff at zingstudios.com>
wrote:
> Nathan asked:
>
> > How does one properly implement OpenSSH?
>
> OpenSSH is a very versatile tool, used for everything from remote logins
> to encrypting CVS traffic to running X remotely. There's no particular
> way to "implement" it... it depends on why you want it. If you don't
> know why you want SSH, then you may not need it.
>
> > Do you need RSA keys?
>
> In order to do password-less authentication, yes. You'll need a public
> and private keypair. The private key is stored on your local (desktop)
> machine; the public key is copied to the remote server. Then you can
> login to the server over SSH using the keys to authenticate you instead
> of a password.
>
> There are other uses for keys, such as validation, but I find
> password-less authentication to be the most useful.
>
> > Should I change the port number on which SSH accepts connections?
>
> Perhaps. Many automated programs will attempt to make connections on
> the standard port (22) and hack into your server with usernames ranging
> from "root" to "webmaster" to "bob". Moving it to another port will
> prevent many of those attacks, but of course you should already have
> strong passwords. Moreover, changing ports is just security through
> obscurity, which is a debatable approach.
>
> > How do I set up users?
>
> For remote logins, the users are simply the system users on the server.
> In other words, if you have an account "george" on the server, then you
> can login as that user via SSH.
>
> Hope that helps.
>
> Jeff
--
Nathan Lane
Home, http://www.nathandelane.com
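
An added example, not part of the original messages: a small audit of an `sshd_config` for the points raised in the quoted reply (keys instead of passwords, guessing against "root", and a moved port as obscurity only). The sample configurations are constructed, and the defaults table assumes current OpenSSH releases.

```python
import re

# Assumed defaults of current OpenSSH releases (not taken from the thread).
DEFAULTS = {"port": "22", "passwordauthentication": "yes",
            "pubkeyauthentication": "yes", "permitrootlogin": "prohibit-password"}

def effective_settings(config_text):
    """Global sshd_config settings; sshd keeps the first value seen per keyword."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if parts[0].lower() == "match":
            break  # Match blocks are conditional; only the global scope is audited
        if len(parts) == 2:
            # Several Port lines are legal; only the first is inspected here.
            seen.setdefault(parts[0].lower(), parts[1].strip().lower())
    return {**DEFAULTS, **seen}

def audit(config_text):
    s = effective_settings(config_text)
    passwords_on = s["passwordauthentication"] != "no"
    findings = []
    if passwords_on:
        findings.append("PasswordAuthentication is on: automated password guessing can still succeed")
    if s["pubkeyauthentication"] != "yes":
        findings.append("PubkeyAuthentication is off: key-based logins will be refused")
    if s["permitrootlogin"] == "yes":
        findings.append("PermitRootLogin yes: the most-guessed account name accepts direct logins")
    if s["port"] != "22" and passwords_on:
        findings.append("Port moved off 22 but passwords remain: fewer log entries, same exposure")
    return findings

# Constructed sample configurations.
WEAK = """Port 2222
PermitRootLogin yes
PasswordAuthentication yes
Match User backup
    PasswordAuthentication no
"""
HARDENED = """PubkeyAuthentication yes
PasswordAuthentication no
PermitRootLogin no
PasswordAuthentication yes
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text) or "no findings")
```

The later `PasswordAuthentication yes` in the hardened sample has no effect, because the first value for a keyword is the one that applies.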