Dear forum users! I need your help!

While studying SSH (2) technology, I have a few questions:

  • What are the actual amendments in the client and server settings for 2017?

(For example, I heard that md5 is not safe already, maybe there is something else and I do not know)

  • What to use to view and study the logs?

(I would like it, of course, with highlighting and in real time, and with a GUI, although it will do without one. Something with a minimum of dependencies)

  • How to force the logs to be written to a separate log, and not to the system one?

(So that all logs related to SSH are in a different directory, at least temporarily, to learn the technology)

  • What to look for when analyzing a log?

(What are the signs of intrusion attempts besides many password entry attempts)

  • How to break through this scheme:

Host1 == Router (NAT0) == Provider-NAT1 == Internet == Provider-NAT2 == Host2

What advice do you have in this situation?

  • What server and client would you recommend?

(I have already made a choice, but maybe you will surprise me :))

As a matter of fact, I primarily need file operations over SSH (mount it, then move / copy / delete files and directories in a file manager)

Closed because the question needs to be reformulated so that an objectively correct answer can be given. Closed by participants aleksandr barakin, sanmai, Duck Learns to Hide, HamSter, user207618 on August 5 '17 at 7:06.


  • nothing has changed since last season. - aleksandr barakin
  • What do the "actual adjustments in the settings" have to do with the hashing algorithm? - matz
  • @matz, what exactly surprised you? Is the choice of the hashing algorithm not in the settings? Actual means in view of the latest trends; everything changes over time, doesn't it? - tonchikp
  • How to configure the server is described very well here: help.ubuntu.ru/wiki/ssh. For blocking from c001] [akiroff I would add fail2ban. Server and client - vanilla. - don Rumata
  • @donRumata, I have already read this, rewrote all the settings, tried to understand each of them - tonchikp

2 answers

The recommendations are the same: disable the login with a password and do not go yourself.

To do this, in /etc/ssh/sshd_config add:

    ChallengeResponseAuthentication no
    PasswordAuthentication no

I will try to answer the questions about logs.

In different Linux distributions, the logs are written to different files. It all starts with /var/log, and then options are possible. Suppose your log is written to /var/log/messages. Then you can watch messages as they appear:

     tail -f /var/log/messages & 

If you are interested only in messages regarding ssh, you can modify it like this:

     tail -f /var/log/messages | grep ssh & 

If you want to save the log in a separate file, you can:

    # --line-buffered makes grep write each match immediately instead of in blocks
    tail -f /var/log/messages | grep --line-buffered ssh > ~/my_log.txt &

And finally: in most distros, system logs can be viewed only by root. How to get root privileges depends on the situation.
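An added example, not part of the original answers: the `grep ssh` filtering above extended to count failed password attempts per source address and to list successful password logins, which should not occur once the first answer's `PasswordAuthentication no` is in effect. The log lines are constructed samples assumed to be in the traditional syslog layout (month, day, time, host, tag), and the function names are made up for this example.

```bash
#!/usr/bin/env bash
# Added example: summarise sshd authentication events from a syslog-style log.

# Constructed sample lines in OpenSSH's usual message format (documentation IPs).
sample_log() {
cat <<'EOF'
Aug  5 07:01:10 host1 sshd[1201]: Failed password for root from 203.0.113.5 port 40110 ssh2
Aug  5 07:01:12 host1 sshd[1201]: Failed password for root from 203.0.113.5 port 40110 ssh2
Aug  5 07:01:15 host1 sshd[1203]: Invalid user admin from 203.0.113.5 port 40112
Aug  5 07:01:17 host1 sshd[1203]: Failed password for invalid user admin from 203.0.113.5 port 40112 ssh2
Aug  5 07:02:01 host1 CRON[1210]: (root) CMD (echo sshd test)
Aug  5 07:03:30 host1 sshd[1220]: Failed password for invalid user from from 198.51.100.7 port 51000 ssh2
Aug  5 07:04:02 host1 sshd[1231]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2
Aug  5 07:05:44 host1 sshd[1240]: Accepted password for bob from 198.51.100.7 port 51002 ssh2
EOF
}

# Keep only lines whose syslog tag is sshd[pid]; a plain "grep ssh" would also
# keep the CRON line above, whose text merely mentions sshd.
sshd_lines() {
  awk '$5 ~ /^sshd\[[0-9]+\]:$/'
}

# Print "count ip" per source of failed password attempts, busiest first.
# The address is read from the last "from <ip> port" triple, so a user name
# chosen to look like log text (here: "from") cannot shift the parsed field.
failed_by_ip() {
  sshd_lines | awk '$6 == "Failed" && $7 == "password" {
      for (i = NF - 2; i > 7; i--)
        if ($i == "from" && $(i + 2) == "port") { n[$(i + 1)]++; break }
    }
    END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2,2
}

# Print "user ip" for every successful password login. With
# "PasswordAuthentication no" in effect this list should stay empty.
password_logins() {
  sshd_lines | awk '$6 == "Accepted" && $7 == "password" {
      for (i = NF - 2; i > 7; i--)
        if ($i == "from" && $(i + 2) == "port") { print $9, $(i + 1); break }
    }'
}

sample_log | failed_by_ip
sample_log | password_logins
```

On a real system, feed the functions from the distribution's own log file (for example `failed_by_ip < /var/log/messages`), which usually requires root.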