I'm a complete noob when it comes to ssh-security so this may not be a problem at all. But if it is, I would appreciate any advice in how to ...
- 11-30-2010 #1
- Join Date
- Nov 2010
Possible ssh problem
First off, it's an Ubuntu 10.04 LTS server. Which may or may not make a difference compared to say a RedHat or Suse server. Sshd is, at any rate, OpenSSH 5.3p1.
I've configured sshd to only allow one specific user to connect to the machine using ssh. So far, the user is configured to use username + password to authenticate but I've been thinking of changing that to only allow public/private key authentication instead.
So far so good. The one potential problem I've noticed is that using:
nmap -sV -A -O --osscan-guess hostname
one can discover the ssh-hostkey. How much of a problem is that? Or put in other words: how worried should I be?
- 11-30-2010 #2
- Join Date
- Nov 2007
Google: how does ssh work
At this point the client sends the server a Diffie-Hellman GEX Init request that includes the initial challenge message of the key exchange, along with a specification of the type of key exchange that will be used.
The client then listens for the server's response, which will include the server's public key and a challenge value that has been signed by the server's private key, which is supposed to provide a validation that the packet could only have come from the server that sent it.
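
Added example, not part of the original thread: the host key a scanner reports is the server's public key, sent to every client during the key exchange quoted above. This Python sketch parses a public key line in the `ssh_host_rsa_key.pub` format and computes the fingerprint a client or scanner displays, so an admin can compare the two; the sample key and its comment are constructed, not a real host key.

```python
import base64, hashlib, struct

def read_string(buf, off):
    """Read one RFC 4251 'string': 4-byte big-endian length, then that many bytes."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack(">I", buf[off:off + 4])
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated field")
    return buf[off + 4:end], end

def parse_pubkey_line(line):
    """Parse '<type> <base64> [comment]' as stored in a host key .pub file."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(parts[1], validate=True)
    ktype, off = read_string(blob, 0)
    if ktype.decode("ascii", "replace") != parts[0]:
        raise ValueError("key type inside the blob does not match the label")
    fields = []
    while off < len(blob):          # for ssh-rsa: exponent e, then modulus n
        field, off = read_string(blob, off)
        fields.append(field)
    return parts[0], blob, fields

def fingerprints(blob):
    """MD5 colon-hex (the form OpenSSH 5.x prints) and SHA256 base64 (newer releases)."""
    md5 = hashlib.md5(blob).hexdigest()
    md5 = ":".join(md5[i:i + 2] for i in range(0, 32, 2))
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return md5, "SHA256:" + sha

def _wire(b):
    return struct.pack(">I", len(b)) + b

# Constructed sample: a made-up 1024-bit "modulus", not a real host key.
_N = b"\x00" + bytes(range(128, 256))
SAMPLE_BLOB = _wire(b"ssh-rsa") + _wire(b"\x01\x00\x01") + _wire(_N)
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " root@example"

if __name__ == "__main__":
    ktype, blob, fields = parse_pubkey_line(SAMPLE_LINE)
    bits = int.from_bytes(fields[1], "big").bit_length()
    print(ktype, bits, *fingerprints(blob))
```

The fingerprint is computed from the public blob alone; nothing from the private key file is involved.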