Changes between Version 4 and Version 5 of SystemAdministration/Security/OpenSSH

Timestamp:

07/21/15 12:35:37 (9 years ago)

Author:

Sander Maijers

Comment:

Fix, elaborate root login

SystemAdministration/Security/OpenSSH

@@ -51 +51 @@
 Match originalhost B user root
     IdentityFile "%d/.ssh/keypairs/root@B"
-Match originalhost B user sanmai
+    ProxyCommand ssh yourusername@B -W %h:%p
+Match originalhost B user yourusername
     IdentityFile "%d/.ssh/keypairs/yourusername@B"
 }}}
@@ -61 +62 @@
 PermitRootLogin no
 
-Match LocalAddress 127.0.0.1
+Match Address {WAN-IP-B}
     PermitRootLogin without-password
 }}}
 
-Or to be compatible with IPv6 (untested):
-`/etc/ssh/sshd_config`:
-{{{
-PermitRootLogin no
+Replace {WAN-IP-B} with the WAN IP address of B (as in, the IP address that A uses to refer to B). Restart the OpenSSH daemon.
 
-Match LocalAddress 127.0.0.1,::1
-    PermitRootLogin without-password
-}}}
+You now have the following setup: 
 
-Restart the OpenSSH daemon.
+[[Image(https://trac.clarin.eu/attachment/wiki/ssh_key/OpenSSH%20root%20config.png)]]
 
 == Logging in ==
@@ -86 +82 @@
 `rsync root@B:/etc/hostname /tmp/hostname`
 
+== Final remarks ==
 '''Only use the root private key when it's absolutely necessary.'''