Secure Shell, ssh

The Secure Shell is basically an encrypted telnet, but it can do a lot more than telnet ever could such as tunnelling encrypted connections both in forward and reverse directions. Both clients and servers are available SSH on many operating systems.

System Banner

Also on the security front, further down sshd_config, consider adding a banner warning stating that the system is private and not for public access. In the unlikely event you are hacked and catch the culprit you will have a stronger legal case if you have told any intruders that they should not be there.

.
# banner path
Banner /etc/issue

/etc/issue is displayed on a console before login, sometimes a /etc/issue.net is present in case you want to have a different warning for local console users compared to network login users. Bear in mind that ssh -q will not show a banner so don't rely on just this alone as a security warning.

/etc/motd (Message Of The Day) is displayed after a successful login, so any system specific info should go there and not in /etc/issue.

After having done this change, you will need to stop (not just restart sshd) with /etc/rc.d/rc.sshd stop and /etc/rc.d/rc.sshd start

And the result? Success!!

zeus:~ andrewst$ ssh 192.168.1.1 -l andrew
andrew@192.168.1.1's password: 
Last login: Tue Apr 20 00:56:35 2004 from 192.168.1.21
Linux 2.4.25.
Welcome to Slackware!
andrew@corerouter:~$ 

Enable TCP keep alives

Add the following to /etc/ssh/sshd_config to prevent inactivity causing a firewall terminating a session:-

TCPKeepAlive yes
KeepAlive yes
ClientAliveInterval 60

SSH tunnels

ssh -L localhost:5222:myxmpp.mydomain.co.uk:5222 -p 443 user@proxy.server.co.uk

ssh -L localhost:222:ssh.mydomain.co.uk:22 -L localhost:10022:midpoint.myserver.com:22 -p 443 user@proxy.server.co.uk

Socks Server

ssh -D 1080 -p 443 user@my.server.com

rb/ssh.txt · Last modified: 10/10/2013 15:21 (external edit)