Securing ssh Connections and Blocking Failures
Updated 10/2019
Use ed25519 keys, if you can:
ssh-keygen -t ed25519
ssh-copy-id -i ~/.ssh/id_ed25519.pub userid@remote
Updated 10/2015
If you have an ssh server running on your network that is accessible to the outside world, on the internet, chances are your systems are being attacked. If you aren’t aware of this, just take a look at your ssh logs in /var/log/auth.log.
$ egrep -i Failed /var/log/auth.log*
We can do better from a security standpoint. Regardless, ssh definitely still rocks and should be used daily, constantly. Before I moved ssh to a higher, non-standard port and installed Fail2Ban, I was seeing over 1,000 ssh attempts daily in the log files. What’s the saying … ignorance is bliss? Not when it comes to systems security.
This article is for Linux/UNIX users, but the ideas should apply to any OS running an ssh daemon.
Ssh Setup For Higher Security
The order below is based on how easy each item is to accomplish or set up. None of these configuration changes are hard. All of them can be accomplished in under 5 minutes if you know what you’re doing, or 15 minutes if you need to read up a little.
- Listen on a non-standard port
- Use ssh-key-based connections
- No remote root logins with a password – PermitRootLogin without-password
- Allow only key-based logins from non-LAN IPs (basically any remote ssh connection cannot use a password)
- Lock account after X failed attempts – Fail2Ban
- Automatically block IPs with login failures – Fail2Ban
- Monitor hack attempts – Fail2Ban
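The following script is an added example, not code from the original post. It turns the checklist above into concrete files: an sshd_config fragment (non-standard port, key-only logins, root by key only, passwords accepted only from the LAN range), a Fail2Ban jail.local for the sshd jail, and a small aggregation of the "Failed password" lines that the egrep check above prints, so you can see which source IPs Fail2Ban would ban. The port (2222), the LAN range (192.168.1.0/24) and the log lines are constructed values for illustration; the script writes everything into a temporary directory so it can be run and inspected before anything is copied into /etc.

```shell
#!/bin/sh
# Added example (not from the original post). Values such as port 2222,
# LAN 192.168.1.0/24 and the sample log lines are assumptions.

# Emit an sshd_config fragment: non-standard port, keys only, root by key
# only, passwords permitted only from the LAN range given in $2.
# OpenSSH accepts "prohibit-password" (the current spelling of "without-password").
write_sshd_hardening() {
  out="$1"; lan="$2"; port="$3"
  cat > "$out" <<EOF
Port $port
PubkeyAuthentication yes
PasswordAuthentication no
PermitRootLogin prohibit-password
MaxAuthTries 3
# Match must be the last section: every directive after it is conditional.
Match Address $lan
    PasswordAuthentication yes
EOF
}

# Emit a Fail2Ban jail.local for the sshd jail: ban for 1 hour after 5
# failures within 10 minutes, never banning localhost or the LAN range in $3.
write_fail2ban_jail() {
  out="$1"; port="$2"; lan="$3"
  cat > "$out" <<EOF
[sshd]
enabled  = true
port     = $port
maxretry = 5
findtime = 600
bantime  = 3600
ignoreip = 127.0.0.1/8 $lan
EOF
}

# Print "<count> <ip>" for every source IP with failed password attempts,
# most frequent first (the egrep check from the post, aggregated by IP).
failures_by_ip() {
  grep -E 'sshd\[[0-9]+\]: Failed password for' "$1" \
    | sed -E 's/.* from ([0-9.]+) port .*/\1/' \
    | sort | uniq -c | sort -rn \
    | awk '{print $1, $2}'
}

# Print only the IPs with at least $2 failures: the rule Fail2Ban's
# maxretry applies (findtime is ignored in this simplified check).
ips_over_threshold() {
  failures_by_ip "$1" | awk -v n="$2" '$1 >= n { print $2 }'
}

WORK=$(mktemp -d)
SAMPLE_LOG="$WORK/auth.log"
# Constructed sample auth.log lines using RFC 5737 documentation addresses.
cat > "$SAMPLE_LOG" <<'EOF'
Oct 12 03:14:05 host sshd[2201]: Invalid user admin from 203.0.113.5 port 51122
Oct 12 03:14:07 host sshd[2201]: Failed password for invalid user admin from 203.0.113.5 port 51122 ssh2
Oct 12 03:14:09 host sshd[2201]: Failed password for invalid user admin from 203.0.113.5 port 51122 ssh2
Oct 12 03:14:12 host sshd[2205]: Failed password for root from 203.0.113.5 port 51130 ssh2
Oct 12 03:14:15 host sshd[2207]: Failed password for invalid user test from 203.0.113.5 port 51140 ssh2
Oct 12 03:14:20 host sshd[2209]: Failed password for root from 203.0.113.5 port 51150 ssh2
Oct 12 03:20:01 host sshd[2290]: Failed password for alice from 198.51.100.7 port 40022 ssh2
Oct 12 03:21:44 host sshd[2301]: Accepted publickey for alice from 198.51.100.7 port 40030 ssh2
EOF

write_sshd_hardening "$WORK/sshd_config.hardening" 192.168.1.0/24 2222
write_fail2ban_jail "$WORK/jail.local" 2222 192.168.1.0/24
echo "Generated files in $WORK"
echo "Failed logins per source IP:"
failures_by_ip "$SAMPLE_LOG"
echo "IPs Fail2Ban would ban with maxretry=5:"
ips_over_threshold "$SAMPLE_LOG" 5
```

Append the generated sshd fragment to the end of /etc/ssh/sshd_config rather than dropping it into sshd_config.d: a Match block in an included file makes every directive that follows the Include conditional as well. Validate with `sshd -t` before restarting, and keep an existing session open while you test the new port so a mistake cannot lock you out.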
Readers Ask About ... VPNs
Below is the 6th of 6 questions from a reader. I definitely don’t have all the answers, but I’m not short on opinions. ;)
Previous articles:
Part 1 – LVM+JFS+RAID | Part 2 – Service Virtualization |
Part 3 – Virtualizing Media Storage | Part 4 – Hosting Email |
Part 5 – Reverse Proxies
duijf asks:
Q6: It seems desirable to be able to VPN in to my network at any time, if I decide to set up said service, does any device in my internal network need to connect before it is discoverable?
Sorry, but I don’t understand the question entirely. Discoverable? That confuses me. This isn’t a game console. Your VPN client and server will need to know about each other explicitly. Not to worry, that isn’t very difficult to set up. There are just a few details.
Access Public Networks Securely
What you need to know to be network secure on your computers when on public hotspots (or anywhere that is not your work or home network).
The How To Geek wrote a comprehensive article.
These guys did an excellent job covering everything you should know. My only complaint about the article is they didn’t stress how important a VPN is for secure network use when in the wild. Use a VPN – ALWAYS. A VPN is a Virtual Private Network. If you want to know more, use google.
Below I’ll go into more detail on my concerns and the steps to set up a VPN on your home network, so you can secure your network access from almost anywhere in the world.
Solved - Java Update Stops Adito Again
I do system patching on servers every Saturday morning during a maintenance period. Almost always, nothing goes wrong. I’ve seen some really big patch sets for huge, complex systems go in cleanly … then there’s Java. Every Java update causes some kind of problem for Adito.
Here’s the fix to the latest and most future Java update issues with Adito … I hope.
Is Using the Cloud Really Cheaper?
I watch lots of cloud computing articles. If you follow this blog, you know that I’m not a fan of outside cloud computing, but I love internal virtualization, an internal enterprise cloud, if you will.
Let’s look at some real-world pricing.
How to Reset Adito Passwords 3
The Adito administrator has control over whether users may change their passwords or not. In some situations, an administrator may decide to prevent password changes, so the user may not see that option at all.
If you can’t locate the password reset in the web interface, contact your VPN administrator and ask whether it is possible to change the password with your level of Adito VPN access. If password changes are permitted, the password reset function isn’t hidden.
This article was written based on search results from web search engines.