Re: Setting up a secure shell server

From: Seth Arnold (sarnold@wirex.com)
Date: 01/14/02


Date: Mon, 14 Jan 2002 10:20:31 -0800
From: Seth Arnold <sarnold@wirex.com>
To: focus-linux@securityfocus.com


On Fri, Jan 11, 2002 at 07:39:39PM -0500, David Chin wrote:
> In message <000001c19ac3$3d79feb0$0200a8c0@slacker>, "Kevin Lisciotti" writes:
> > What I am looking for is possibly a whitepaper or how-to on setting
> > up a secure shell server.
>
> You have 2 options:
> i) use openssh [..]
> ii) use SSH.com's SSH [..]

Actually, I think Kevin was after more than "here is where to download
sshd"; I think he was after something more like, "to have shell users on
your system that you don't trust, you need to enable quotas, use PAM's
login limits, turn on process accounting, look into security-enhancing
patches to help harden the system, make sure you understand why every
setuid and setgid executable on the machine has those bits, send system
logs off to another host, and for the love of god, keep up on updates."

Well, perhaps not the "keep up on updates" -- I'm sure Kevin already
knew that piece. But one would be surprised how frequently updates are
ignored. :(

I'd suggest checking Kurt Seifried's Linux Administrator's Security
Guide. I don't know if he has updated it recently or not, but it ought
to be worth reading nonetheless.

http://www.seifried.org/lasg/

-- 
"I'm not sure which upsets me more: that people are so unwilling
to accept responsibility for their own actions, or that they are
so eager to regulate everyone else's." -- Kee Hinckley