May 15, 2010

Linux security tip: change your computer’s SSH port


Here's a useful tip for people who access their computer or server over the Internet using SSH: change your SSH port from the default port 22 to something else. Although this is not a foolproof hack to secure your server, it can at least help greatly. Let's look at how this would be done on an Ubuntu machine. NOTE that this change should not be performed over a remote SSH connection, because you might lose all contact with your server.

1. First, check to see if the SSH service is running at all, and if it is, then on which port. Run the following command:

# netstat -tulpn

In the output you should see an entry for port 22. This is the SSH service.


May 7, 2010

SSH Tunnel

Hi,

In the previous post I explained SSH without a password. I hope you tried it.

This time I am showing a trick for making an SSH tunnel, so that you can easily connect to your office server from home without knowing its public IP.

Scenario: Your company blocks access to port 22 (i.e. the SSH port) and you do not know the public IP, or your server is not mapped to a public IP. You want to work from home over SSH.

Solution: You need to create a custom port on your home PC from the office server you want to connect to. For that you need two important things: Internet access at both ends and a static IP for your home PC. Then follow the steps below.

For this example, the home IP is 177.177.177.177

Steps:
First, on the server side

1. Log in to the server as root or with superuser privileges
2. Run the following command
# ssh -R 988:localhost:22 root@177.177.177.177

-R opens port 988 on localhost of the home PC (i.e. 177.177.177.177) and forwards it to port 22 on the office server.

After getting the terminal, log in on your PC and leave this terminal open.


Now come to the home PC

1. Log in to the home server as root
2. Run the following command
# ssh -p 988 localhost

-p connects to port 988 on localhost.

This connects you back to the office server: ssh thinks it is connecting to localhost on port 988, and port 988 leads to your office server, without needing its IP or any router mapping.

May 5, 2010

SSH without password using a secure RSA key

SSH without a password is useful when implementing scheduled jobs for scripts and backups.

To scp, ssh and rsync without being prompted for a password:

# ssh-keygen -t rsa


This will prompt for a passphrase. Just press the enter key. It’ll then generate an identification (private key) and a public key. Do not ever share the private key with anyone! ssh-keygen shows where it saved the public key. This is by default ~/.ssh/id_rsa.pub:
Your public key has been saved in /.ssh/id_rsa.pub

Transfer the id_rsa.pub file to host_dest by either ftp, scp, rsync or any other method.

On host_dest, log in as the remote user which you plan to use when you run scp, ssh or rsync on host_src.

Copy the contents of id_rsa.pub to ~/.ssh/authorized_keys.

# cat id_rsa.pub >> ~/.ssh/authorized_keys
# chmod 600 ~/.ssh/authorized_keys


If this file does not exist, then the above command will create it. Make sure you remove permission for others to read this file. If it's a public key, why prevent others from reading this file? Probably, the owner of the key has distributed it to a few trusted users and has not placed any additional security measures to check if it's really a trusted user.

Well, that's it. Now you can run scp, ssh and rsync on host_src connecting to host_dest and it won’t prompt for the password. Note that this will still prompt for the password if you are running the commands on host_dest connecting to host_src. You can reverse the steps above (generate the public key on host_dest and copy it to host_src) and you have a two-way setup ready!
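
The append-and-chmod step on host_dest, written as a re-runnable shell function. This is an added example, not part of the original post; the function name install_pubkey and its arguments are hypothetical, and it goes slightly beyond the RSA case by also accepting Ed25519 and ECDSA public keys. It uses mode 700 for the directory and 600 for the file.

```shell
# install_pubkey PUBKEY_FILE [SSH_DIR]   (hypothetical helper, added example)
# Appends one public key to SSH_DIR/authorized_keys, safely and idempotently.
install_pubkey() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys
    key=

    # A .pub file holds a single "type base64 [comment]" line. read fails at
    # EOF when the file has no trailing newline but still fills $key.
    IFS= read -r key < "$pub" || [ -n "$key" ] || {
        echo "cannot read key from $pub" >&2; return 1; }

    # Reject anything that is not a public key, e.g. id_rsa passed by mistake.
    case $key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "not an OpenSSH public key: $pub" >&2; return 1 ;;
    esac

    # sshd (StrictModes) refuses the key if the directory or the file is
    # writable by anyone other than the owner.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Already installed? Compare whole lines so the step can be repeated.
    if grep -qxF -- "$key" "$auth"; then
        return 0
    fi

    # If the existing file lacks a final newline, a plain ">>" would glue the
    # new key onto the previous entry and break both.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        printf '\n' >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
}
```

Run it on host_dest as the remote user, for example: install_pubkey id_rsa.pub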

My First Blog

Hi Friends,
I have never created a blog before; this is my first blog. In this blog you can find tips on Linux and the experiences that I have worked on.

Hope you will like this blog.