Difference between revisions of "Freeside:1.9:Documentation:Administration:SSH Keys"
From Freeside
(New page: = Introduction = Freeside can login to remote machines unattended using SSH. This can pose a security risk if not configured correctly, and will allow an intruder who breaks into your fr...) |
|||
Line 10: | Line 10: | ||
* You may need to set <code>PermitRootLogin without-password</code> (meaning with keys only) in your <code>sshd_config</code> file on the remote machine(s). | * You may need to set <code>PermitRootLogin without-password</code> (meaning with keys only) in your <code>sshd_config</code> file on the remote machine(s). | ||
* You may want to set <code>ForwardX11 = no</code> in <code>~root/.ssh/config</code> to prevent spurious errors and increase security if your distribution turns on X11 forwarding by default. | * You may want to set <code>ForwardX11 = no</code> in <code>~root/.ssh/config</code> to prevent spurious errors and increase security if your distribution turns on X11 forwarding by default. | ||
+ | |||
+ | = Cisco devices = | ||
+ | |||
+ | * Cisco IOS devices are configured differently than UNIX servers. See the Cisco documentation on how to [https://www.cisco.com/c/en/us/support/docs/security-vpn/secure-shell-ssh/4145-ssh.html#iossshserver Setup an IOS Router as an SSH server that performs RSA based User Authentication]. |
Latest revision as of 13:56, 18 August 2017
Introduction
Freeside can login to remote machines unattended using SSH. This can pose a security risk if not configured correctly, and will allow an intruder who breaks into your freeside machine access to your remote machines. Do not use this feature unless you understand what you are doing and have first properly secured your Freeside machine.
Instructions
- As the freeside user (on your freeside machine), generate an authentication key using
ssh-keygen
. Since this is for unattended operation, use a blank passphrase. - Append the newly-created
identity.pub
file to~root/.ssh/authorized_keys
(or the appopriate~username/.ssh/authorized_keys
) on the remote machine(s). - Some new SSH v2 implementation accept v2 style keys only. Use the
-t
option tossh-keygen
, and append the createdid_dsa.pub
orid_rsa.pub
to~root/.ssh/authorized_keys2
(or the appopriate~username/.ssh/authorized_keys
) on the remote machine(s). - You may need to set
PermitRootLogin without-password
(meaning with keys only) in yoursshd_config
file on the remote machine(s). - You may want to set
ForwardX11 = no
in~root/.ssh/config
to prevent spurious errors and increase security if your distribution turns on X11 forwarding by default.
Cisco devices
- Cisco IOS devices are configured differently than UNIX servers. See the Cisco documentation on how to Setup an IOS Router as an SSH server that performs RSA based User Authentication.