search for: securingssh

Hi, I propose to add a Q and A to the FAQ section of the SecuringSSH HowTo<https://wiki.centos.org/HowTos/Network/SecuringSSH> documenting the business of setting setsebool -P use_nfs_home_dirs 1 to allow public key authentication between machines that share nfs home directories as per https://www.centos.org/forums/viewtopic.php?t=49194 could I get editing r...

...he last minute." Important distinction as it opens you up to being denied login when anyone tries to brute force. Might be worth dropping the limit example altogether since the preceding -m recent example is far safer. -- -Eli [1] Third set of rules on http://wiki.centos.org/HowTos/Network/SecuringSSH#head-a296ec93e31637aa349538be07b37f67d836688a -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos-docs/attachments/20131228/3109fb93/attachment-0006.html>

...ibution guidelines and previously contributed. Yours, Brian On Wed, 7 Jun 2017, centos-docs-request at centos.org wrote: > > On 6 June 2017 at 12:43, Brian Smith <Brian.Smith at glasgow.ac.uk> wrote: >> Hi, >> >> I propose to add a Q and A to the FAQ section of the SecuringSSH HowTo >> documenting the business of setting setsebool -P use_nfs_home_dirs 1 to >> allow public key authentication between machines that share nfs home >> directories as per >> >> https://www.centos.org/forums/viewtopic.php?t=49194 >> >> could I get editin...

...o extend to v6 the firewall would fail to reload). I came up with an "all firewall-cmd" solution which I'd like to share. It boils down to using rich rules in firewalld instead of direct rules for iptables. The code snippets in section 6 of < https://wiki.centos.org/HowTos/Network/SecuringSSH> would be changed to firewall-cmd --permanent --add-rich-rule='rule port port="22" protocol="tcp" accept limit value="4/m"' firewall-cmd --permanent --remove-service ssh firewall-cmd --permanent --remove-port 22/tcp firewall-cmd --reload newly minted wiki...

here: http://wiki.centos.org/HowTos/Network/SecuringSSH the recipe for how to copy your id_rsa.pub file to a remote system is given as: "Copy the public key (id_rsa.pub) to the server and install it to the authorized_keys list: $ cat id_rsa.pub >> ~/.ssh/authorized_keys" i suspect it would be better if that were rewritten in terms...

Hi, just a quick note to whoever is maintaining this page: http://wiki.centos.org/HowTos/Network/SecuringSSH The procedure is missing the firewall-cmd calls necessary in EL7: firewall-cmd --add-port 2345/tcp firewall-cmd --add-port 2345/tcp --permanent Also, it may be worth mentioning that semanage is in the policycoreutils-python package, which isn?t installed by default in all stock configuration...

Hi, just a quick note to whoever is maintaining this page: http://wiki.centos.org/HowTos/Network/SecuringSSH The procedure is missing the firewall-cmd calls necessary in EL7: firewall-cmd --add-port 2345/tcp firewall-cmd --add-port 2345/tcp --permanent Also, it may be worth mentioning that semanage is in the policycoreutils-python package, which isn?t installed by default in all stock configuration...

...script that listens to port 2222 and mimics SSH to capture the passwords. Changing the port of SSH to 2222 or anything above 1024 makes SSH less secure. Pretty ironic that this is in the "Securing SSH" chapter. This should never be done. Location: http://wiki.centos.org/HowTos/Network/SecuringSSH#head-3579222198adaf43a3ecbdc438ebce74da40d8ec username: TheodorAndresson

...quot;all firewall-cmd" solution > > which > > I'd like to share. > > > > It boils down to using rich rules in firewalld instead of direct > > rules > > for iptables. The code snippets in section 6 of < > > https://wiki.centos.org/HowTos/Network/SecuringSSH>; would be > > changed to > > > > firewall-cmd --permanent --add-rich-rule='rule port port="22" > > protocol="tcp" accept limit value="4/m"' > > firewall-cmd --permanent --remove-service ssh > > firewall-cmd --permanent -...

generalizing somewhat from my earlier note about the "securing SSH" page: http://wiki.centos.org/HowTos/Network/SecuringSSH i don't know what level of intro a page like that should have but when i've presented things like this to classes i've taught, or written short online tutorials, the very first thing i document are the packages involved. in this case, the first section might be something as simple a...

...nt to me regarding the wiki. ---------- Forwarded message ---------- From: "Martin Kon??ek" <mkonicek12 at gmail.com> Date: Mar 7, 2013 4:44 AM Subject: mistake on Securing SSH To: <timothy.ty.lee at gmail.com> Cc: Hi TImothy, I saw wiki http://wiki.centos.org/HowTos/Network/SecuringSSH and it is pretty good, but there is a mistake. *Instead of having* iptables -A INPUT -p tcp --dport 22 -m recent --set --name ssh --rsource iptables -A INPUT -p tcp --dport 22 -m recent ! --rcheck --seconds 60 --hitcount 4 --name ssh --rsource -j ACCEPT *You should have* iptables -A INPUT -p tcp...

Hello, I would like permission to contribute information to the wiki... Username: CaseyDoyle To append an additional method for ssh blocking with firewallD: Page: https://wiki.centos.org/HowTos/Network/SecuringSSH#head-3579222198adaf43a3ecbdc438ebce74da40d8ec Suggest to add the following info to it pertinent section: ------ 6. Filter SSH at the Firewall complementary to iptables method, there is firewall-cmd for newer systems using FirewallD: firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT...

Hola lista he estado trabajando el la traducci?n de la pagina de la wiki http://wiki.centos.org/HowTos/Network/SecuringSSH pues estuve hablando con Alain Reguera y me dijo que pusiera las traducciones que hiciera ac? para que lo revisaran, bueno no se como funciona bien esta lista pero ah? les mando la traducci?n para que la revisen y me den sus opiniones y despu?s me digan como hago para ponerla en la wiki. Sin mas s...

...like to share. > > > > > > > > It boils down to using rich rules in firewalld instead of > > > > direct > > > > rules > > > > for iptables. The code snippets in section 6 of < > > > > https://wiki.centos.org/HowTos/Network/SecuringSSH>;; would be > > > > changed to > > > > > > > > firewall-cmd --permanent --add-rich-rule='rule port port="22" > > > > protocol="tcp" accept limit value="4/m"' > > > > firewall-cmd --permanent --remo...

...that listens to port 2222 and mimics SSH to capture the passwords. Changing the port of SSH to 2222 or anything above 1024 makes SSH less secure. Pretty ironic that this is in the "Securing SSH" chapter. This should never be done. > > Location: http://wiki.centos.org/HowTos/Network/SecuringSSH#head-3579222198adaf43a3ecbdc438ebce74da40d8ec > username: TheodorAndresson > > > > ------------------------------ > > Message: 2 > Date: Thu, 02 Oct 2014 15:49:59 -0700 > From: Karsten Wade <kwade at redhat.com> > To: centos-docs at centos.org > Subject: Re: [...

...; > > > It boils down to using rich rules in firewalld instead of > > > > > > direct > > > > > > rules > > > > > > for iptables. The code snippets in section 6 of < > > > > > > https://wiki.centos.org/HowTos/Network/SecuringSSH>;;; > > would be > > > > > > changed to > > > > > > > > > > > > firewall-cmd --permanent --add-rich-rule='rule port > > port="22" > > > > > > protocol="tcp" accept limit value="4/m&q...

Hi, I'd like to use SSH without password so I can use it in scripts (for example in combination with rsync to do backups). I have Carla Schroder's "Linux Cookbook" and I'm trying out the various receipts, but the one for SSH without a password doesn't work. The book is slightly dated, and I wonder if SSH included in CentOS works differently. Any suggestions? Niki

On 12/02/15 20:03, Warren Young wrote: > Hi, just a quick note to whoever is maintaining this page: > > http://wiki.centos.org/HowTos/Network/SecuringSSH > > The procedure is missing the firewall-cmd calls necessary in EL7: > > firewall-cmd --add-port 2345/tcp > firewall-cmd --add-port 2345/tcp --permanent > > Also, it may be worth mentioning that semanage is in the policycoreutils-python package, which isn?t installed by...

...ould > fail to reload). I came up with an "all firewall-cmd" solution which > I'd like to share. > > It boils down to using rich rules in firewalld instead of direct rules > for iptables. The code snippets in section 6 of < > https://wiki.centos.org/HowTos/Network/SecuringSSH> would be changed to > > firewall-cmd --permanent --add-rich-rule='rule port port="22" > protocol="tcp" accept limit value="4/m"' > firewall-cmd --permanent --remove-service ssh > firewall-cmd --permanent --remove-port 22/tcp > firewall-cmd...

...solution >> > which >> > I'd like to share. >> > >> > It boils down to using rich rules in firewalld instead of direct >> > rules >> > for iptables. The code snippets in section 6 of < >> > https://wiki.centos.org/HowTos/Network/SecuringSSH>; would be >> > changed to >> > >> > firewall-cmd --permanent --add-rich-rule='rule port port="22" >> > protocol="tcp" accept limit value="4/m"' >> > firewall-cmd --permanent --remove-service ssh >> > fir...