@DustinB3403 I've already got the password on the keys. I've just not disabled password logins in case i kill something and need to get access :). Planning on removing it once i've "SSH Key's" the other servers.

@DustinB3403 I will once i've played around a bit more with changing other settings for SSH.

So, I've done the keys and all is working with my Zabbix and Unifi servers. Not disabled password logins yet (apart from root).

Criminals on CCTV: Scammers caught red-handed

Hundreds of thousands of people fall victim to scams in the UK every year.
Many are run from criminal call centres abroad, where teams of fraudsters operate around the clock.

One man in the UK, who goes by the name "Jim Browning", decided to do something about it. He hacked into a call centre in India from where scammers target their victims.

@JaredBusch :face_with_stuck-out_tongue_winking_eye: :face_with_stuck-out_tongue_winking_eye: :face_with_stuck-out_tongue_closed_eyes: :face_with_stuck-out_tongue_closed_eyes:
I'll try moving to Fedora again at some point.

@JaredBusch said in Securing SSH:

This is your friend.

ssh-copy-id -i ~/.ssh/id_ed25519.pub user@ip

command not found in powershell bu that's a windows problem.

@Dashrender To be honest that's my next step is now to make some keys for my laptop, and see how and where they go
but my guess is in the same authorized_keys file on a separate line

@JaredBusch what view is that? "top"

Updated 2nd post

Wow, i was looking into this as well this morning as we found a few spare Android Tablets.

All we need is simple Employee clock in clock out. Simple touch screen click your name in and click it out.
Maybe in the future use RFID or NFC tag.

Silly question, i think i know the answer but checking
If i'm using a windows machine logging in as a domain user - [email protected]

I want to use SSH key pairs to log into my Zabbix Server. This was setup (On linux CentOS8) with two users when installing "root" and "zabb02".

Do i need a user called myname (or [email protected]) on the zabbix server?

Also guess i generate the key pair on my Windows machine and upload the pub side to the Server(s)

Been watching a few vids on Blender

Redcar council IT hack confirmed as ransomware attack

A council has admitted its IT service was targeted by hackers, who scrambled files and made a demand for money.
Systems at Redcar and Cleveland Council have been down for almost three weeks after the ransomware attack.

My rule of thumb is when asked.

1. Whats the budget
2. What game(s) do they want to play

If Graphics card required to play at playable res and frame rate costs more than a console and the game is available on console THEN go console

But knowing what they expect from the systems helps, as their expectations on what they can run off £300 may differ from what anyone can build.

@pmoncho
Started a new thread.

I think the common things i've seen so far are -

Password or Password Less Public/Private Keys
Timeouts
Disallow root logon
Harden Firewall
White-list IP's that can access.

Steps I used to connect to my Zabbix Server (CentOS from Win10

created a folder c:\users<username>.ssh
in powershell ran this command

 ssh-keygen -o -a 100 -t ed25519 -C "[email protected] Desktop"

Typed on the password i wanted to use (you can run a different command to have a password less key - see below)
This generated two files in .ssh - id_ed25519 and id_ed25519.pub

still in powershell i ssh'd onto the zabbix server

ssh <user>@<ip>

Once in ran the following commands

sudo mkdir ~/.ssh
sudo nano ~/.ssh/authorized_keys

copy the contents of the .pub file on the windows machine

sudo chown YourUserName:YourUserName ~/.ssh -R
sudo chmod 700 ~/.ssh
sudo chmod 600 ~/.ssh/authorized_keys

Then from powershell ssh <user>@<ip> and it just asked me for the key password and i'm in

Updated - 28/02/2020

Following on from my post, what do people recommend.

This is open for both Internal Only servers (like me) or hosted servers that you might need/want SSH on.

When securing SSH with Public/Private Keys, do i need to generate "Keys" for every person that will login?
Or can we "Share" a common key.

I'm locking down some Linux Servers over the next few weeks, they are all internal servers and not accessed remotely via the internet. I'm the main person that will log in via SSH mainly to run updates and change the odd config file, but i want to check if i need to give other users SSH access.

@jmoore Yeah i love all my Huawei phones, i have a P20 Pro and the kids have the Lite.
I've always been a fan and don't think i'll change (unless they stop selling phones ).

As you said imo if they are doing something everyone else most probably doing the same