SSH Public-Private Keys

So in reviewing the /var/log/auth.log etc. files today, I note a drastic (as in 100%!) reduction in unauthorized SSH login attempts at the EXPLOINSIGHTS servers. Bloody brilliant!
This either means:

  • All the hackers have turned into good guys; OR
  • Russia and China are on holiday (prior month SSH hack attempts, of which there were many, had IP addresses “from these nations”, which is hardly a smoking gun as IPs can be spoofed, but it’s all I had to go on); OR
  • Using public-private SSH login keys AND two-factor login has done its job* – yay!

Two-factor login is enabled for the EI servers and the services thereon.  If you are not using two-factor then I say THANK YOU – it makes you a more attractive target, so hopefully the hackers will continue to leave me alone for a while.  🙂
Tip: And on the subject of SSH two-factor login, it took me quite a while to figure out why I couldn’t log back into my servers AFTER the first reboot after I enabled two-factor. All the tests via SSH worked before the reboot. It drove me NUTS. The reason was that my Ubuntu encrypted /home/user directory is NOT unlocked via SSH login, so the SSH tunnel could not read my keys at ~/.ssh/authorized_keys, and thus I failed the first and biggest login hurdle. Either disable /home/user folder encryption or move your encryption keys to another location (say /var/SSH).
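
The lockout in the tip above can be spotted before a reboot. The following is an added example, not from the original post: a shell function that resolves sshd's `AuthorizedKeysFile` entries for a user and reports whether each one sits inside the home directory. The function name `akf_check` and the sample layout under /var/SSH are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post).
# akf_check FILE USER HOME
#   FILE is an sshd_config (or saved `sshd -T` output). Prints one line per
#   AuthorizedKeysFile entry: "<resolved path> inside-home|outside-home".
#   Returns 1 when no entry lies outside HOME, i.e. sshd cannot read any key
#   file until that home directory is decrypted and mounted.
# Limits: Match blocks and Include files are not followed.
akf_check() {
    awk -v user="$2" -v home="${3%/}" '
    # Expand the tokens sshd accepts in AuthorizedKeysFile: %h, %u and %%.
    function expand(s,    out, i, c, n) {
        out = ""
        for (i = 1; i <= length(s); i++) {
            c = substr(s, i, 1)
            if (c == "%" && i < length(s)) {
                n = substr(s, ++i, 1)
                if (n == "h") out = out home
                else if (n == "u") out = out user
                else if (n == "%") out = out "%"
                else out = out "%" n
            } else out = out c
        }
        return out
    }
    # sshd uses the first value it sees for a keyword; keywords ignore case.
    !seen && tolower($1) == "authorizedkeysfile" {
        seen = 1
        for (i = 2; i <= NF; i++) list[++n] = $i
    }
    END {
        # Built-in default when the directive is absent.
        if (!seen) { list[++n] = ".ssh/authorized_keys"; list[++n] = ".ssh/authorized_keys2" }
        outside = 0
        for (k = 1; k <= n; k++) {
            if (list[k] == "none") continue
            p = expand(list[k])
            if (p !~ /^\//) p = home "/" p      # relative paths are taken from HOME
            where = (index(p, home "/") == 1) ? "inside-home" : "outside-home"
            if (where == "outside-home") outside = 1
            print p, where
        }
        exit (outside ? 0 : 1)
    }' "$1"
}
```

Run as `akf_check /etc/ssh/sshd_config "$USER" "$HOME"`; on a host with an encrypted home, a return of 1 means key login will fail until the home is unlocked.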

——————

*I actually also did something else beyond two-factor and pub-private keys, but I am not sharing that publicly.  Message me, and if I feel like trusting you (a real email address goes a long way…), I will let you know my third factor.  🙂