[Hardening Ssh Setup.]

What are you having problems with when trying to set the keys? You need to change two settings, which are:

PubkeyAuthentication and PasswordAuthentication. Change Pubkey to yes and password to no and add your public key to ~./.ssh/authorized_keys

You can recreate keys by using ssh-keygen.

Here's my sshd_config file for reference - it needs some clean up, but it works for me.

# Package generated configuration file
# See the sshd(8) manpage for details

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 30
PermitRootLogin no
StrictModes yes

RSAAuthentication no
PubkeyAuthentication yes
#AuthorizedKeysFile     %h/.ssh/authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no

#MaxStartups 3:50:10
#Banner /etc/issue.net

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

UsePAM yes
AllowUsers charles
GatewayPorts no
AllowTcpForwarding yes
KeepAlive yes
IgnoreUserKnownHosts no
PasswordAuthentication no

[The Windows Vs Linux Bullshit]

Wow, just wow.

[Booting Ubuntu Server 10.04 X64 From Multipass]

Basically I just want to install server from my multiboot USB instead of using another usb key.

I'm probably just going to throw everything into / and leave it as is, since that appears to work.

Thanks for the info. :)

[Booting Ubuntu Server 10.04 X64 From Multipass]

Hi,

I was able to get it to boot by placing everything in the root directory of the thumb drive.

I ideally want to have everything in it's own folder so I can keep the clutter to a minimum, but if I move the files and edit the kernel string to point to where the files are, it fails to mount the "cdrom."

It works perfectly fine if I leave all the files in the root.

Here's the menu.lst entry for it:

title Ubuntu Server x64 (Working)
kernel=/install/vmlinuz noprompt cdrom-detect/try-usb=true file=/cdrom/preseed/ubuntu-server.seed
initrd=/install/initrd.gz
boot

I've tried moving the files to /lucidserver/ and editing the menu.lst entry. It boots but fails after trying to mount the cd.

Here's the menu.lst code for that one:

title Ubuntu Server x64 (Testing)
kernel=/lucidserver/install/vmlinuz noprompt cdrom-detect/try-usb=true file=/cdrom/preseed/ubuntu-server.seed
initrd=/lucidserver/install/initrd.gz
boot

Any help is appreciated. I can just leave everything in the root, but I really want it to be a bit more organized.

[Netbook Linux Distro Choice]

BT4 should run fine on an eeePC. I've run it on my eeePC 1005HA without any problems (outside of the screen being so damn tiny)

[Removing Wd Firmware Virtual Cd]

Hrm, interesting. I was just going off a link I saw, since I don't have a WD external.

[Removing Wd Firmware Virtual Cd]

http://superuser.com/questions/44318/how-d...from-my-desktop

[Closure]

Hope you still stick around moonlit, even if it's not as an admin.

You've brought some good advice. :)

Good read too.

[How Do You Secure Your Home Pc?]

I only run an AV and let Windows deal with the firewall and haven't had any problems.

Sidenote: Using a VM in "seamless mode" works great for web browsing.

[How Can I Remove My Company's It Dept Installed Spyware?]

Looks like the OP edited the link back in.

F'ing spammers.

[What Version Of Linux?]

It really depends on what you want to do. If you want to compile everything from source and find out how everything "works" you might look into Gentoo.

Personally that's too much work for me, just to get an OS up and running.

[What Version Of Linux?]

That machine should run almost any flavor of *nix or *BSD with little problems (depending on specific hardware).

CentOS and FreeBSD are nice, but I can't be arsed to learn them when Ubuntu works what I want to do.

[The Windows Vs Linux Bullshit]

ROFL nice one.

At least you didn't bring up emacs or the gnu/linux name debate.

Aww I was going to mention emacs vs vi!

I stick to vi or nano myself..

[Freeware Iso Image Creator]

I use ImgBurn all the time. :-)

[The Windows Vs Linux Bullshit]

Lol @ moonlit. So true.

[Router Web If Password]

If you were sharing wifi you might as well set up HTTPS.

Having it set to http doesn't mean that someone with wireshark can find the password, since you have to be between the host and the router to capture packets. Or at least that's what I thought (unless it's wireless), so correct me if I am wrong. :)

[Episode 7x21]

Thought it was a pretty cool episode. Water cooling looks like a fun project to do if you are really into OCing your rig.

I mostly run air cooling, but I don't really do any overclocking.

[Router Web If Password]

Most of the routers I've worked with (except really old ones) can use https instead of http for the web interface.

If you are worried about the password being sent in cleartext, just use https.

[Receipts]

I always shred receipts.

[Recommendations - Pfsense Mini Itx Mb's]

That's great. Very cool.

[Recommendations - Pfsense Mini Itx Mb's]

That's a nice board. No video out, but you can probably install pfSense on the CF and configure it on a different machine, then put it in that board.

[Stumbled On Something Odd...]

Looks like an Alfa AWUS036H. They don't even tell you the model. >.<

I'd personally get it from here: http://www.data-alliance.net/-strse-73/Alf...-USB/Detail.bok

But that's just me.

[I Broke Win 95 (himem.sys)]

Yah, Win95 didn't ship with USB support. I think they added it in version B, with a patch, but meh, the support was shitty. Win98 USB support wasn't really that much better either.

[I Broke Win 95 (himem.sys)]

That would by why you put the CD in another computer and grab the file from it, or get it somewhere online.

Put it on a floppy and transfer it over.

Hell you can even download this here: http://1gighost.com/ed/jamiephiladelphia/boot95b.exe

Run it to image a floppy then boot off said floppy and replace the himem.sys file.

Man, I am glad that I don't deal with Win95 or Win98 anymore.

[Install Ubuntu 10.04 Beside Windows 7 (help)]

I haven't done an install with an encrypted Win7 install, but I can tell you that it should be fine in a dual boot configuration.