This link has been bookmarked by 11 people. It was first bookmarked on 10 Jun 2008, by Mike Chelen.
-
For instance, let's assume that your corporate firewall has the IP address 1.2.3.4 and your corporation has been assigned that network as a /20, i.e. 1.2.3.0/20 (1.2.3.0-1.2.18.255). You could easily restrict ssh access to hosts on your corporate network only, thus:
PROMPT> ec2-authorize default -p 22 -s 1.2.3.0/20
PERMISSION default ALLOWS tcp 22 22 FROM CIDR 1.2.3.0/20
This makes it impossible for anyone on another network to even connect to your ssh server: the ec2-authorize command instructs the firewall (integrated into every EC2 instance) to drop packets not sourced on an approved network. To make things even more secure, if all traffic comes only from your firewall, we could restrict it to just one host:
PROMPT> ec2-revoke default -p 22 -s 1.2.3.0/20
-
Disable Password-based Login
Log in to your instance as root and edit the ssh daemon configuration file:
# vi /etc/ssh/sshd_config
Find the line
PasswordAuthentication yes
and change it to
PasswordAuthentication no
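A check for the edit above, as an added example that is not part of the original article: the function name password_auth_status and the sample file are constructed for illustration. It assumes whitespace-separated "Keyword value" lines and does not follow Include files.

```shell
#!/bin/sh
# Added example (not from the original page): report whether password login
# is really off in an sshd_config-style file.
# Rules applied: keywords are case-insensitive, the first global value wins,
# a missing keyword means sshd's default ("yes"), and a later Match block
# can switch password login back on for some users or hosts.
# Assumptions: whitespace-separated "Keyword value" lines; Include files
# are not followed.
password_auth_status() {
    awk '
        /^[ \t]*#/ { next }                          # skip comment lines
        { key = tolower($1); val = tolower($2) }
        key == "match" { in_match = 1; next }        # conditional section starts
        key != "passwordauthentication" { next }
        in_match && val == "yes" { override = 1; next }
        !in_match && global == "" { global = val }   # first value wins
        END {
            if (global == "") global = "yes"         # sshd default
            if (global != "no")  print "enabled"
            else if (override)   print "enabled-by-match"
            else                 print "disabled"
        }
    ' "$1"
}

# Constructed sample: the "no" line was appended below an existing "yes"
# line, so the daemon would still accept passwords.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
PasswordAuthentication yes
# PasswordAuthentication no
passwordauthentication no
EOF
echo "sample config: password login $(password_auth_status "$sample")"
rm -f "$sample"
```

On the instance itself, run it as `password_auth_status /etc/ssh/sshd_config`; `sshd -T` prints the configuration the daemon actually resolves and is the authoritative cross-check.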
-
Key Generation and Distribution
In the Getting Started guide we showed how to generate the initial keypair for the root user. This is how to create similar keypairs for all users who need access to your instances. In the example below (to be run on your local machine, not your EC2 instance) replace "user" with the actual user's login, name or some other unique identifier.
ssh-keygen -b 1024 -f user -t dsa