Hacker Public Radio

hpr1870 :: 19 - Home SSH Server

To learn ssh it helps to experiment, so this explains setting up a simple home server.

Hosted by Ahuka on 2015-10-02 is flagged as Clean and is released under a CC-BY-SA license.

Part of the series: Privacy and Security

In this open series, you can contribute shows that are on the topic of Privacy and Security

The best way to gain familiarity with the concepts we will discuss is by experimentation. I think that it is becoming more common these days for people to own more than one computer and set them up in a network. And with cheap computers like the Raspberry Pi it is really easy to get started. In this tutorial I want to discuss how you can set up such a server for your experiments in ssh. I encourage you to do this even though I don't intend this series to focus on server administration. The idea is that by practising these techniques behind a good firewall you can get some familiarity with them before you get out on the Internet, where it matters. For most Linux users, at least, installing and setting up a server is really simple, and you can do it in minutes. For more go to http://www.zwilnik.com/?page_id=847

Comments

Comment #1 posted on 2015-10-06T18:45:32Z by kdmurray

SSH Passwords

Just a quick clarification on a point made just after the 14m mark with regards to remote login to the SSH server from the Internet. Ahuka makes the comment that "you're transmitting the password in the clear."

According to the SSH man page all communications between the client and server, including password verification, are done using public key encryption.

"Finally, if other authentication methods fail, ssh prompts the user for a password. The password is sent to the remote host for checking; however, since all communications are encrypted, the password cannot be seen by someone listening on the network."

When using an open (and possibly hostile) network, something to keep in mind is to watch for the warning that the server's certificate fingerprint has changed. If this comes up for a server you use regularly, be very, very suspicious.

Love hearing about the security stuff. Keep it going! :)

Comment #2 posted on 2015-12-10T08:19:51Z by 0xf10e

yepp, no cleartext

1st thing is DH key exchange, basically "now that we speak privately and securely let me tell you who I [the server] am". Think about it. Any other way would leave the client open to a MitM spoofing the server's keys.

But, of course, when you ignore the changed fingerprint on the server you won't know who is receiving your credentials.
With pubkey auth you don't have to worry about losing anything usable to impersonate you. Also makes brute force login attempts infeasible due to the vast number of possible keys.
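
Added example (not part of the show notes or of either comment): the changed-fingerprint check both commenters refer to, sketched in Python. It computes a SHA256 fingerprint in the form OpenSSH prints and compares the key a server offers against the entry pinned in a known_hosts file. The host name `pi.home.example`, the helper names and the keys are constructed for illustration; hashed known_hosts entries are skipped.

```python
import base64
import hashlib
import struct

def make_ed25519_line(host, raw_key):
    """Build a known_hosts-style line from a 32-byte key (constructed sample data)."""
    def ssh_string(b):
        return struct.pack(">I", len(b)) + b
    blob = ssh_string(b"ssh-ed25519") + ssh_string(raw_key)
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"

def fingerprint(key_b64):
    """Unpadded base64 of SHA-256 over the decoded key blob, prefixed with 'SHA256:'."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def load_pins(known_hosts_text):
    """Map (host, keytype) -> fingerprint from plain (unhashed) known_hosts lines."""
    pins = {}
    for line in known_hosts_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith(("|", "@")):
            continue  # hashed host names and @-markers are out of scope here
        hosts, keytype, key_b64 = parts[0], parts[1], parts[2]
        for host in hosts.split(","):
            pins[(host, keytype)] = fingerprint(key_b64)
    return pins

def check_host(pins, host, keytype, offered_b64):
    """Return 'match', 'changed' or 'unknown' for the key a server offers."""
    pinned = pins.get((host, keytype))
    if pinned is None:
        return "unknown"  # first contact: verify the fingerprint out of band
    return "match" if pinned == fingerprint(offered_b64) else "changed"

# Constructed sample data, not real host keys.
PINNED = make_ed25519_line("pi.home.example", bytes(range(32)))
OFFERED_SAME = PINNED.split()[2]
OFFERED_OTHER = make_ed25519_line("pi.home.example", bytes(range(1, 33))).split()[2]
PINS = load_pins("# constructed known_hosts\n" + PINNED + "\n")

if __name__ == "__main__":
    for label, key in (("same key", OFFERED_SAME), ("different key", OFFERED_OTHER)):
        print(label, "->", check_host(PINS, "pi.home.example", "ssh-ed25519", key))
```

A "changed" result corresponds to the warning discussed above: stop before entering a password and confirm the new fingerprint with whoever runs the server.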
