Tag Archives: ssh

Can Not Add SSH Key To Ubuntu

4/17/16 – Fixed formatting.

I wanted to add an SSH key to a new minimal Debian VM install, but attempting to add the key resulted in a No such file or directory error.

sudo cat id_rsa.pub >> .ssh/authorized_keys
cat: id_rsa.pub: No such file or directory

The error was the result of the non-existent authorized_keys file, which is where the SSH key is stored.

If you look inside the ~/.ssh directory, you will notice that the authorized_keys file is missing.

ls ~/.ssh
known_hosts

To be able to store the SSH key, create the missing authorized_keys file in the right location and with the right permissions.

Move to the directory where key files are stored for the user.

cd ~/.ssh

Create the necessary file.

touch authorized_keys

Assign permissions to the file.

chmod 600 authorized_keys

Copy the SSH key to the authorized_keys file.

cat id_rsa.pub >> ~/.ssh/authorized_keys

Optional, but I recommend removing the key since it’s no longer needed.

rm id_rsa.pub

Restart the service.

sudo service ssh restart
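
The steps above can be collected into one function that is safe to run more than once. This is an added example, not part of the original post; the function name install_pubkey and the sample key are made up for illustration, and only the common key types are accepted.

```shell
#!/bin/sh
# Append a public key to authorized_keys without duplicating it, creating the
# directory and file with modes that satisfy sshd's StrictModes check.
install_pubkey() {  # usage: install_pubkey PUBKEY_FILE [SSH_DIR]
    pub=$1
    dir=${2:-$HOME/.ssh}
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Accept only a single "type base64 [comment]" line; this also catches a
    # private key file passed in by mistake.
    [ "$(grep -c '' "$pub")" -eq 1 ] || { echo "$pub: expected one line" >&2; return 1; }
    grep -Eq '^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$' "$pub" ||
        { echo "$pub: not an OpenSSH public key" >&2; return 1; }

    mkdir -p "$dir" && chmod 700 "$dir"
    touch "$dir/authorized_keys" && chmod 600 "$dir/authorized_keys"

    # Compare on "type base64" only, so a changed comment is not a new key.
    key=$(cut -d' ' -f1,2 "$pub")
    if grep -qF -- "$key" "$dir/authorized_keys"; then
        echo "key already present"
    else
        cat "$pub" >> "$dir/authorized_keys"
        echo "key added"
    fi
}

# Constructed demo: a throwaway directory stands in for ~/.ssh, and the key
# material is a made-up placeholder, not a real key.
demo=$(mktemp -d)
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedExampleKeyOnly user@laptop' > "$demo/id.pub"
install_pubkey "$demo/id.pub" "$demo/.ssh"
install_pubkey "$demo/id.pub" "$demo/.ssh"
rm -rf "$demo"
```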

SSHFS in Windows

This post will cover the required steps to configure a working SSHFS client set-up in Windows. With SSHFS you can mount a remote directory via SSH as if it were a local drive. While SSHFS is common on Linux/*nix, Windows is a different story. To make use of SSHFS in Windows you will need to download win sshfs, a free SSHFS application.

You will need to download the following files to have a working SSHFS setup:

Let’s Start

Note: I’ve only used password authentication; I have not tried key files yet…

You will need to download win sshfs from the following link: code.google.com/p/win-sshfs/. Once the download completes, install the application.

Click on Next to continue.

Accept the license agreement and click on Next.

Hopefully you have already installed the prerequisites I mentioned above; otherwise the application will refuse to install. If not, go back and install them. Click on Next to continue.

Accept the default path and click on Next.

Click on Finish to launch the application.

Now in SSHFS Manager click on Add to add a new connection.

This is where we connect to the SSH server; in my case the server runs Ubuntu 12.04. Enter a name, the server IP address and the user credentials, and for the rest go with the defaults if you like.

First click on Save and then click on Mount.

If you provided the correct server information your SSHFS connection should now be mounted.

You can verify this by going to My Computer; the new SSHFS drive will be mounted as a removable drive.

By default the application will start at start-up. You can change this behavior by going to the Taskbar, right-clicking on the application icon and un-checking Run at startup.

Win SSHFS so far has worked quite well for me; I like the idea of having access to SSHFS from my Windows 7 computer. If you find any mistakes or have suggestions, don’t hesitate to leave a comment.

Links

Dokan library 0.6.0 dokan-dev.net/en/download/

win sshfs code.google.com/p/win-sshfs/

.NET Framework 4.0 microsoft.com/en-us/download/

Slow SSH

Changing the default port on SSH can make the job of a script kiddie a bit harder, but it may bring some problems for other services working on the same port; that’s what happened to me not long ago. In case you have no idea, VSFTP runs on the same port as SSH. After changing the default port to 2020 I began to notice that VSFTP transfers dropped from 80kbps down to 20kbps. After checking the VSFTPD configuration (/etc/vsftpd.conf) I found the following problem.

# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES

Change to

connect_from_port_20=NO

I guess that VSFTP was only trying to verify that port 20 was being used for transfers. The solution was to change the “YES” to “NO”; after restarting VSFTP the rate of the file transfers went up.

Secure The Default SSH Configuration

SSH is a secure protocol used for system administration, tunneling and many other useful things that a secure encrypted channel can offer. Due to the importance it has on a system, attackers tend to make it a priority when scanning for ports. Increasing the level of awareness and security requires common sense: avoid using short passwords and common user names like “user” on a system exposed to the Internet.

The location of the OpenSSH configuration may vary depending on the Linux distribution you are using, but the fundamentals remain the same.

  • A line starting with the # sign shows the previous value

Improve the default configuration

On Debian-based distributions the configuration for OpenSSH can be found at:

/etc/ssh/sshd_config

Usually the attacker will scan for common or default ports, and SSH uses port 22. To reduce the number of failed attempts on a system, change the port to a number above 1024.

#Port 22
Port 1520

OpenSSH offers two protocols, SSH1 and SSH2; all you need to know is that SSH1 is insecure. The solution is to simply select protocol 2.

#Protocol 2,1
Protocol 2

The root account has no need to be reachable from the Internet; instead, create a user with privileges. You do not want to grant the attacker a nuke! Deny login access to the root account from the Internet.

#PermitRootLogin yes
PermitRootLogin no

Automated attacks benefit from default configurations, such as allowing a high number of invalid attempts. Limit the number of failed attempts allowed before the connection is denied and another attempt is required.

#MaxAuthTries 6
MaxAuthTries 2

Now let’s limit the number of unauthenticated connections the SSH server will handle at the same time. When we make the numbers smaller than the default of 10 we are making it harder for the attacker to coordinate an attack with multiple connections. The new values tell the SSH server to allow 3 users at the same time, then randomly and increasingly drop connections between 2 and 8.

#MaxStartups 10
MaxStartups 2:40:8

By default the SSH server will hold open an unauthenticated connection for 2 minutes, which is a long time on the Internet; 30 seconds is more than enough time to log in.

#LoginGraceTime 2m
LoginGraceTime 30

SSH keys are far more secure than passwords; do not run the risk of an attacker guessing your password. Disable password authentication and only allow access by using SSH keys.

#PasswordAuthentication yes
PasswordAuthentication no

This may seem basic but we are actually giving the attacker a run for his or her money. For the changes to take effect restart OpenSSH.

 /etc/init.d/sshd restart
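
To confirm that the settings above are the ones sshd will actually read, the following added example (not part of the original post or of OpenSSH) audits a config file against this post's values. The function names and the sample file are constructed for illustration; it applies sshd's rule that the first occurrence of a keyword wins and reads only the global section before any Match block.

```shell
#!/bin/sh
# Print the value sshd would use for KEYWORD in FILE: keywords are
# case-insensitive, "#" lines are comments, and the first occurrence wins.
effective_value() {  # usage: effective_value FILE KEYWORD
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines
        tolower($1) == "match" { exit }     # only the global section
        tolower($1) == want { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Print one line per deviation from this post's values; return 1 if any.
audit_sshd_config() {  # usage: audit_sshd_config FILE
    status=0
    for rule in Protocol=2 PermitRootLogin=no MaxAuthTries=2 \
                MaxStartups=2:40:8 LoginGraceTime=30 PasswordAuthentication=no; do
        key=${rule%%=*} expected=${rule#*=}
        actual=$(effective_value "$1" "$key")
        if [ "$actual" != "$expected" ]; then
            echo "FINDING $key: want '$expected', found '${actual:-unset}'"
            status=1
        fi
    done
    # The post only asks for a port above 1024, so check the range.
    port=$(effective_value "$1" Port)
    [ "${port:-22}" -gt 1024 ] 2>/dev/null ||
        { echo "FINDING Port: '${port:-unset}' is not a number above 1024"; status=1; }
    return "$status"
}

# Constructed sample: the hardened line is commented out and a later
# duplicate does not override the first "yes".
sample=$(mktemp)
cat > "$sample" <<'EOF'
#Port 22
Port 1520
Protocol 2
permitrootlogin no
MaxAuthTries 2
MaxStartups 2:40:8
LoginGraceTime 30
#PasswordAuthentication no
PasswordAuthentication yes
PasswordAuthentication no
EOF
audit_sshd_config "$sample" || echo "sshd_config deviates from the post's settings"
rm -f "$sample"
```

Run it against a copy of /etc/ssh/sshd_config after editing and before restarting the service; a keyword reported as unset means the compiled-in default applies.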