Securing SSH Sessions The Easy Way
Getting Started With SSHRecently I've had a good deal of people ask me about SSH connections, and how they can better secure them, and I've been shocked at the sheer number of people that still use keyboard-interactive password authentication to log into SSH daemons. This article will explain the use of SSH keys and OpenSSH options to speed up and secure your SSH connection.
There are a few useful options you can pass to OpenSSH to increase your verbosity, compress and speed up your ssh connection, and change your SSH cipher to something faster and more secure;
'-v' switch. This option will allow you to see debug output for outgoing SSH connections. Specifying '-v' multiple times increases the verbosity level (maximum level 3).
'-C' switch. This option compresses all of your SSH data. Passing this option to OpenSSH may speed things up dramatically on slow networks, but on high-speed networks it will only slow things down.
'-c' switch. This option will allow you to change your cipher method. The default is 3des, which is a 3-way encryption method that is believed to be secure - however, blowfish is also available, which is a fast block cipher which also believed to be very secure and is far faster than 3des.
For example, let's say I want to log in as user 'foo' to an ssh daemon on host 'example.com'. I want maximum verbosity level, I want to compress all my data, and I want to change my SSH cipher to blowfish. The command would look like this:
ssh -vvv -C -c blowfish -l foo example.com
(Note: the higher your verbosity level, the more text you will get on your terminal while OpenSSH goes through the process of logging in to the remote SSH daemon. Even specifying only one -v can get you a veritable flood of information. Fiddle around with -v until you find a debug level that you're comfortable with.)