January 30, 201412 yr You can set up a key exchange a client to the server which would allow password less entry. The issue then becomes rsyncing the authorized_host file from /boot/config into it's appropriate place upon boot up. So puTTY on the machine I tried this from has the server keys now, but I would have to give the server the client keys. And if I wanted to use more than one client I would have to give the server their keys as well. Or, I can set a root password, and then the clients just need the server keys. I think I must be missing something. If the server will give its keys to anyone and then you just need the password, how is this more secure than telnet with password. Is it just the encrypted communications?
January 30, 201412 yr So puTTY on the machine I tried this from has the server keys now, but I would have to give the server the client keys. And if I wanted to use more than one client I would have to give the server their keys as well. Or, I can set a root password, and then the clients just need the server keys. I think I must be missing something. If the server will give its keys to anyone and then you just need the password, how is this more secure than telnet with password. Is it just the encrypted communications? How To Secure Your SSH Server Everything you wanted to know and more.
January 30, 201412 yr How To Secure Your SSH Server Everything you wanted to know and more. lmgtfy Sorry, got carried away. Felt like I was having a conversation.
January 31, 201412 yr Keys let you verify the server you're talking to for starters, once you accept them seeing that dialog again is a warning that this isn't the server you expected. Sent from my iPad using Tapatalk
July 1, 201412 yr came upon this thread - when i tried to use the awesome Juice SSH Monitoring plugin (for Juice SSH Pro). I got an error that it only works on SSH. It's a nice boxy gui that shows CPU, memory, etc. cool tool to have. so +1 for enabling SSH.
April 30, 201511 yr +1 on disabling telnet. If someone is ready to delve to unraid's shell/commandline, they should at least be able to setup an ssh client.
November 4, 20169 yr Thanks for the script to disable Telnet in my go file. The last thing I need is for arbitrary software on local machines to be able to sit there and hammer that cleartext entry point for my root password. Of course, I suppose they could very well do the same exact thing to the http port. I guess that's the next thing to go. I'll even accept self-signed, just instruct people on how to add an exception for the original certificate fingerprint generated by the server, and be wary if they ever connect and find their browser reporting a certificate error again.
Archived
This topic is now archived and is closed to further replies.