
Xauthority

Generally, when you try to open any X application, say xclock or xterm, as the root user on a remote system, it gives an error saying “Can’t open display”. To get rid of this message, you can do the following:

– First, ssh into the remote system with -X
$ ssh -vX foo@example.com

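– Export the XAUTHORITY variable so that it points at foo’s .Xauthority file (use $HOME, because the shell does not expand ~ inside double quotes)
$ export XAUTHORITY="$HOME/.Xauthority"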

– Start the X app (I am assuming user “foo” has superuser privileges on the remote system)
$ sudo xterm

using denyhosts

I came across this service called denyhosts.
It basically protects your server from unwanted ssh attempts and brute-force attacks. For denyhosts to work, you need sshd built with tcp_wrappers support, and python.

denyhosts lists the IPs from which unwanted ssh attacks come in the /etc/hosts.deny file.
If you want to whitelist any of them, put them in the /etc/hosts.allow file, which tcp_wrappers checks before /etc/hosts.deny.

For example, putting the line sshd: 192.16.20.3 in /etc/hosts.deny blocks all ssh attempts from that host, and putting it in /etc/hosts.allow allows them.

Additionally, what I do on my systems is … I keep only one system accessible from the internet (sshd listens on both private and public interfaces), and on the other systems I configure sshd to listen only on private interfaces. This can be achieved by putting the

ListenAddress private_ip_here

line in /etc/ssh/sshd_config.

The other security measure is to stop the root user from logging in over ssh at all. Put the PermitRootLogin no line in the /etc/ssh/sshd_config file, then access the system over ssh as a normal user (not a sudoer) and use su - to gain root access.
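
One way to check an sshd_config for the two settings above (ListenAddress bound only to private addresses, PermitRootLogin no). This is an added example, not code from the original post; the sample config and the function names are constructed for illustration, and only the global section before any Match block is examined.

```python
import ipaddress
# Constructed sample sshd_config (not from the original post).
SAMPLE = """\
ListenAddress 10.0.0.5
ListenAddress 0.0.0.0:2222
permitrootlogin no
PermitRootLogin yes
Match User backup
"""

def global_settings(text):
    """Map lower-cased keyword -> list of values, global section only."""
    settings = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0].lower() == "match":   # Match blocks are out of scope here
            break
        settings.setdefault(parts[0].lower(), []).append(
            parts[1].strip() if len(parts) > 1 else "")
    return settings

def listen_host(value):  # 'addr', 'addr:port' or '[v6addr]:port' -> addr
    if value.startswith("["):
        return value[1:value.index("]")]
    return value.split(":")[0] if value.count(":") == 1 else value

def audit(text):
    """Return findings for the two sshd_config settings the post recommends."""
    cfg, findings = global_settings(text), []
    root = cfg.get("permitrootlogin", ["unset"])[0]  # sshd uses the first value
    if root.lower() != "no":
        findings.append(f"PermitRootLogin is {root}, expected 'no'")
    addrs = cfg.get("listenaddress", [])
    if not addrs:
        findings.append("no ListenAddress: sshd listens on all addresses")
    for value in addrs:
        try:
            ip = ipaddress.ip_address(listen_host(value))
        except ValueError:   # a hostname: check what it resolves to
            findings.append(f"ListenAddress {value} is a hostname, check it")
            continue
        if ip.is_unspecified or not ip.is_private:
            findings.append(f"ListenAddress {value} is wildcard or public")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "ok")
```

On a live host, sshd -T prints the effective configuration, including defaults that do not appear in the file.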