View Single Post
  #5   (View Single Post)  
Old 17th December 2009
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

According to http://www.forum.psoft.net/showthread.php?t=23824 you require without-password in order for two hsphere servers to transfer data.

"without-password' means password authentication cannot be used for root sessions, hence some other authentication method must be used. According to the same link, Hsphere uses shared keys.

A properly functioning ssh(1) client will not prompt for passwords. Brute force scripts (ssh attacks) don't use real ssh clients and will submit passwords anyway, which sshd(8) will ignore, though it will tell you about them it its logs.

Choices:
  • ignore this, knowing that another valid form of authentication must be used for root access.
  • Disable sshd access via firewall from any but confirmed IP addresses of your hsphere servers
  • In combination with the firewall, above, set up a second sshd(8) daemon listening on another port, that disallows root logins. Use this other daemon for non-Hsphere ssh use.
  • If Hsphere allows non-standard ssh connection ports, set up a private sshd daemon to listen for hspehre connections on another port, and use the default port 22 daemon for everything else. Set up an appropriate firewall, allowing only hsphere servers access to this daemon.

Last edited by jggimi; 17th December 2009 at 11:02 AM.
Reply With Quote