Temporarily blocking ports

Chris eagletree at hughes.net
Sat Nov 29 14:01:45 PST 2008

On Nov 29, 2008, at 1:11 PM, Jos Chrispijn wrote:

> From your reply on my message of 29-11-2008 21:47:
>> An even tighter practice is to turn off all password logins and
>> use only keyed connections. This is easier than it might seem
>> though I'll admit I think of ssh as something only a select
>> number of users may use and thus you know them by name
>> and what IPs they are permitted to connect on.
> I have been thinking of that as well, but don't think I should use  
> that yet with the knowledge I have on this.
> Do you refer to manual of automatic key connections?
It's extremely easy.

Generate your key and spread it to all systems you want
to connect to. Have other users generate their key and do the
same. After everyone is set, turn off password access in
/etc/ssh/sshd_config, that file contains the docs in comments
on how to do this. You change three parameters. Then sshd
will need to be restarted. Be sure logins by key work first.

This implies how to set up your keys. This was lifted from
a helpful page on the net and modified but is pretty basic.
Creates the keys in home directory of myuserid on system
www.example.com, then moving the key to a second system
called other.example.com such that myuserid can move
between systems. The userid on the remote does not need
to be the same string as on the local system though it's shown
that way here.

www$ cd # get to your home directory
www$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/myuserid/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/myuserid/.ssh/id_rsa.
Your public key has been saved in /home/myuserid/.ssh/id_rsa.pub.
The key fingerprint is:
<fingerprintshownhere> myuserid at www.example.com
www$ ssh myuserid at other.example.com mkdir -p .ssh
Password: <enter password here for other system>
www$ cat .ssh/id_rsa.pub|ssh myuserid at other.example.com 'cat >> .ssh/ 
Password:<enter password here for other system>

You are done setting up keys. Sample use of seamless login:

www$ ssh other.example.com
other$ host
other$ users
myuserid          ttyp0    Jul 14 05:28 (www.example.com)
other$ exit

I only use this on FreeBSD and OS-X. No idea on Putty and others.

> thanks for sharing,
> Jos Chrispijn

More information about the freebsd-questions mailing list