[Sussex] Securing the Remote CLI

Steven Dobson steve at dobbo.org
Fri Feb 25 11:29:16 UTC 2011


Hi All

As the CLI has been the topic of some debate over the last day or so I
thought it might be worth drawing your attention to the following:

  http://www.debuntu.org/ssh-key-based-authentication

If you have a publicly accessible server and you want to keep it safe by
allowing pre-determined people in, this is what I do.

Each of my workstations has its own SSH key.  If I lose my laptop or
Android phone (heaven forbid) then I only have to remove the public key
for the lost device to re-secure the system.

The file is $HOME/.ssh/authorized_keys. Its format is simple, each line
looks like this:

  ssh-rsa <public-key> <comment>

The public key is a great long jumble of letters, digits and other
characters.  But the best part is that whatever comes after the key is
ignored so you can put there what you like.  My keys have identifying
comments like "Steve's Workstation", or "Steve's Netbook" and now "Steve's
Phone".  This way even my clients know which is which.

Steve

-- 
Steve "Dobbo" Dobson
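
The per-device revocation described in the post above, as an added example that is not part of the original message: it parses authorized_keys text, lists entries by comment, and drops the entry for a lost device. The function names and sample key blobs are constructed placeholders, and the parser also handles the optional leading options field (for example from="..."), which the post does not cover.

```python
# Added example: per-device key revocation in authorized_keys text.
KEY_TYPES = ("ssh-rsa", "ssh-ed25519", "ssh-dss", "ecdsa-sha2-", "sk-")

def _split_options(line):
    """Split a leading options field, which may hold quoted spaces, from the rest."""
    in_quote, i = False, 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and in_quote:      # escaped character inside a quoted value
            i += 2
            continue
        if ch == '"':
            in_quote = not in_quote
        elif ch in " \t" and not in_quote:
            return line[:i], line[i:].lstrip()
        i += 1
    return line, ""

def parse_line(line):
    """Return (options, keytype, blob, comment), or None for blank, '#' or malformed lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    options = ""
    if not line.startswith(KEY_TYPES):
        options, line = _split_options(line)
    parts = line.split(None, 2)          # the comment may itself contain spaces
    if len(parts) < 2:
        return None
    return options, parts[0], parts[1], parts[2] if len(parts) > 2 else ""

def devices(text):
    """Comments of all key entries, in file order."""
    return [e[3] for e in map(parse_line, text.splitlines()) if e]

def revoke(text, comment):
    """Return (new_text, removed_lines); unparsed lines are kept, never dropped."""
    kept, removed = [], []
    for raw in text.splitlines():
        entry = parse_line(raw)
        (removed if entry and entry[3] == comment else kept).append(raw)
    return "\n".join(kept) + "\n", removed

# Constructed sample; the key blobs are placeholders, not real keys.
SAMPLE = '''# authorized_keys (constructed sample)
ssh-rsa AAAAB3NzaC1yc2EAAAAworkstation Steve's Workstation
ssh-rsa AAAAB3NzaC1yc2EAAAAnetbook Steve's Netbook
from="192.0.2.10",command="echo hi there" ssh-rsa AAAAB3NzaC1yc2EAAAAphone Steve's Phone
'''

if __name__ == "__main__":
    new_text, gone = revoke(SAMPLE, "Steve's Phone")
    print("removed:", gone)
    print("remaining devices:", devices(new_text))
```

Review the removed lines before writing the new text back, and keep the file's existing ownership and permissions when replacing it.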


