Articles tagged with ssh

1. OpenSSH: Using a Bastion Host

   Posted on March 26, 2016 in System Administration

   Quick and dirty OpenSSH configlet here. If you have a set of hosts or devices that require you to first jump through a bastion host, the following will allow you to run a single ssh command:

   Host *
       ProxyCommand ssh -A <bastion_host> nc %h %p
   

   Change the Host * line to best …

2. Removing a Single Line from known_hosts With sed

   Posted on February 08, 2016 in System Administration

   Ever so often, something changes on the network, and you find that your .ssh/known_hosts file has gotten out of date. Usually this happens after an upgrade or device change. You'll get the rather ominous warning that REMOTE HOST IDENTIFICATION HAS CHANGED!

   If you are confident that someone isn't doing …

3. Limiting SSH Connections with ufw

   Posted on May 30, 2011 in System Administration

   In the past, I've written about the usefulness of using iptables to limit incoming SSH connections. Although it isn't a replacement for a good password policy, it at least limits the ability of outsiders to perform a brute-force password attack on your system. Now that I've started using Ubuntu more …

4. Rate-limiting SSH connections with iptables

   Posted on June 14, 2010 in System Administration

   If you have SSH open toward the Internet, you are surely aware of the number of brute force password attempts your server sees everyday. Although a good password policy may make these attempts nothing more than an annoyance, each connection to your SSH daemon takes up valuable server resources. I …

5. macOS SSH Slow to Connect: Troubleshooting IPv6, DNS, and Remote Login

   Posted on September 13, 2009 in System Administration

   SSH should feel boring. You type ssh hostname, the server asks for whatever authentication it needs, and you get a shell. When it pauses for 30, 60, or 120 seconds before anything useful happens, the delay is usually not random. It is almost always name resolution, address-family selection, routing, or …

6. SSH Password Guessing Attacks

   Posted on March 23, 2009 in System Administration

   

   I manage servers and network devices that, for a variety of reasons, allow users to connect via SSH from anywhere in the world. Although the traffic generated by these connections is encrypted, leaving this open to the world does present a bit of a security risk. Would-be crackers use compromised …

7. You Too Can SSH Without A Password

   Posted on July 13, 2007 in Software

   I wrote recently about using Subversion over SSH. A minor annoyance with that setup is the need to enter your system password at least once, and sometimes multiple times depending on the action you are taking. There are also times when a remote system needs to access another system via …

8. Preparing Mac OS X For Production Remotely

   Posted on April 13, 2007 in System Administration

   Note: I recently had to prepare a Mac mini for use as a network testing device. The system was installed in a remote location and only reachable via SSH.

   Important commands: hdiutil, installer, softwareupdate, shutdown

   When preparing a system for production, there are three main tasks that need to be …

9. Adding macOS Users Remotely from the Command Line

   Posted on April 11, 2007 in System Administration

   There was a time when adding a Mac OS X user from the command line meant talking directly to NetInfo with nicl, copying a user template with ditto, and hoping you did not fat-finger a UID. That was useful knowledge in 2007. It is also very much not how I …