|
02-06-2020 I noticed some faggot trying to attach to my systems through public ports open on my router last week (this article was written 02-06-2020). We hackers refer to wannabe crackers (who use publicly available scripts to do this sort of thing) as "script kiddies" (probably some nine year kid in Asia with a copy of a semi-sophisticated script-- who thinks he's gonna be a hacker someday). I tried switching my server's ssh port (which has been something other than standard port 22 for several years, now). And, I switched off all other public ports. But-- the little shit just wouldn't give up. And when I switched back to my usual port this last weekend, I could see more ssh attempts in my messages log (/ It was actually really easy to do. But-- the security this adds to a public system is priceless. The first step is to use ssh-keygen. This will create a pair of keys (one public and one private) for securing an ssh daemon. I ran the command on one of my clients. But, you can (of course) run this on a server and copy the files later. ssh-keygen will prompt for a password to use to encrypt your private key. You can leave this blank. I encrypted mine. That way if some piece of shit manages to copy my private key, they'll need to crack its encryption before they can use it (this would take a single machine running a single script billions of years, I'm told). Meanwhile, I could replace the keys that were compromised. You don't (obviously) encrypt the public key. Anyone can see that. You'll still need a private key to pair with it if you want to attach to the system. Once you have a private key, you'll need to copy it to any machines you wanna use to attach to your ssh server. So, you'll wanna copy ~/ After you have a public key on your server and private keys on your clients, you can forbid password authentication in your server's sshd configuration ("/ |
Random Fact: Insanely Witty Stupidity has its own ls command (implemented using PHP). It can be used to poke around Insanely Witty Stupidity's root folder. For more information, rtfm. |
html revised 2024-04-23 by Michael Atkins. The maintainer of insanely |