Using Ed25519 for OpenSSH keys (instead of DSA/RSA/ECDSA)

Introduction into Ed25519 OpenSSH 6.5 added support for Ed25519 as a public key type. It is using an elliptic curve signature scheme, which offers better security than ECDSA and DSA. At the same time it also has good performance. This type of keys may be used for user and host keys. With this in mind, it is great to be used together with OpenSSH. In this article we have a look at this new key type. DSA or RSA Many […]

Read more

Mosh, the SSH Alternative Option for System Administration

Reasons to use Mosh instead of SSH Mosh, or mobile shell, is the ideal tool for remote system administration. While SSH is great, Mosh beats it in several areas. Let’s dive into the reasons why it makes sense to learn about Mosh. Pros Session Resumption Remember the last time your connection was interrupted? It it frustrating and sometimes even leads to losing some of your work. The stable TCP connection is not always a blessing. Mosh comes to the rescue, especially […]

Read more

Granting Temporary Access to Your Servers (Using Signed SSH Keys)

Temporary access with SSH In need of support from a colleague or vendor, but don’t want to give them permanent access? SSH has an option to allow temporary access! Next time you need to provide temporary access for an hour or day, use this great option. Our Setup We have two machines for this purpose. One is a system running Arch Linux, the client system. The other one is a server, running Ubuntu Linux. For temporary support, we have created a […]

Read more

Distributing SSH keys: using ssh-copy-id, manually or automated

Distribution of SSH keys When you want to allow public key authentication, you have to first create a SSH keypair. Next step is then the distribution of the public key to the other systems. Let’s have a look at a few options, including using the ssh-copy-id utility. Option 1: Manually In the past, you had to log in manually to the new system and do things yourself. Especially if you created your key with a tool like PuTTYgen on Windows. […]

Read more

In-depth Linux Guide to Achieve PCI DSS Compliance and Certification

Linux Guide for PCI DSS Certification, Compliance, and Auditing If you work for a company which accepts, processes or stores credit card details, you might be very familiar with the PCI Data Security Standard (DSS). The standard itself is detailed, yet sometimes unclear on what specifically to implement (and when). This guide will help with translating the PCI standard to technical security controls on Linux systems. It is based on the current version of PCI DSS, which is now version […]

Read more

Using SSH keys instead of passwords

Using SSH keys instead of passwords Linux systems are usually managed remotely with SSH (secure shell). Still many administrators are using passwords, instead of keys. Keys not only boost security, it also makes managing systems much easier. Instead of entering your password for each server, you only have to do it once per session. When managing several systems per day, you will be wondering why you ever used password based authentication before. Creating the key Depending on your desktop platform, […]

Read more

Audit and harden your SSH configuration

Audit and harden your SSH configuration SSH (Secure SHell) is a commonly used protocol for secure data communications between systems. It is rare to find systems not having this service running. As this opens up a potential gateway into the system, hardening the configuration of the SSH server is an important step in server hardening. In this guide we will focus on several common configuration options of SSH and improve it. Client and Server SSH has two parts: the client used […]

Read more
12