Changes between Version 4 and Version 5 of SystemAdministration/Security/OpenSSH
- Timestamp:
- 07/21/15 12:35:37 (9 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
SystemAdministration/Security/OpenSSH
v4 v5 51 51 Match originalhost B user root 52 52 IdentityFile "%d/.ssh/keypairs/root@B" 53 Match originalhost B user sanmai 53 ProxyCommand ssh yourusername@B -W %h:%p 54 Match originalhost B user yourusername 54 55 IdentityFile "%d/.ssh/keypairs/yourusername@B" 55 56 }}} … … 61 62 PermitRootLogin no 62 63 63 Match LocalAddress 127.0.0.164 Match Address {WAN-IP-B} 64 65 PermitRootLogin without-password 65 66 }}} 66 67 67 Or to be compatible with IPv6 (untested): 68 `/etc/ssh/sshd_config`: 69 {{{ 70 PermitRootLogin no 68 Replace {WAN-IP-B} with the WAN IP address of B (as in, the IP address that A uses to refer to B). Restart the OpenSSH daemon. 71 69 72 Match LocalAddress 127.0.0.1,::1 73 PermitRootLogin without-password 74 }}} 70 You now have the following setup: 75 71 76 Restart the OpenSSH daemon. 72 [[Image(https://trac.clarin.eu/attachment/wiki/ssh_key/OpenSSH%20root%20config.png)]] 77 73 78 74 == Logging in == … … 86 82 `rsync root@B:/etc/hostname /tmp/hostname` 87 83 84 == Final remarks == 88 85 '''Only use the root private key when it's absolutely necessary.''' 89 86