Re: How does one setup a shell account?

From: Sundial Services (info_at_sundialservices.com)
Date: 11/30/04


Date: Tue, 30 Nov 2004 11:03:16 -0500

Conner Destron wrote:
> Sorry to ask a newbie question, but I am still fairly new at this, having
> very recently converted my servers from M$ to Redhat 8... Anyway, I have a
> situation that calls for the need for someone to be able to access one of
> my servers (which happens to be my network router/firewall at this point)
> via a "limited shell account".

Terminology: the "shell" is the command-interpreter, or its equivalent
(e.g. a login via XWindows). A "limited shell" is one that will not
consent to obey all of the commands that, say, "bash" would.

> I created a user id and password for them
> and assigned them to the group that has ownership of the specific
> directories they need to access and then went into the services util from
> gnome desktop (as root) and restarted sshd to be sure they could use ssh
> to get in, then I opened the firewall control panel (firestarter) and
> opened port 22. When this person tries to logon (he emailed me afterwards)
> I'm told by him that it wouldn't let him. Now he didn't give me any
> information beyond that to go off of, and I don't see any hits on the
> firewall log for port 22. Am I missing a step or should I just wait to get
> more info from him?

The firewall can be told to "drop" the packets, or to "reject" them. And
the firewall can be told to produce a log entry, or not. If the packets
are dropped, the remote user has no way to know what happened to them. If
they are rejected, he'll get "connection refused." That might be useful
for now, just as a way of determining whether or not the packets are
arriving at your door.

 
> The second part of this query, which was prompted by the first part
> above... If I decided to offer a hosting space for a mud, how does one go
> about setting up shell access and port/space/memory restrictions, etc?
>
> Finally, sorry about cross-posting this, but I honestly wasn't sure which
> NG would be better to post this question in.
> -=Conner=-

Lots of hosting-providers use software designed for the purpose, like Plesk.
This simply packages all the various "necessary evils" into one convenient
place that's easy to manage. If you're serious about providing hosting
(and I might not add, "why not let someone /else/ do it for you,
instead?"), those packages might be worth looking into.
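
The drop-versus-reject point in the reply above can be checked from the remote user's side with a single TCP connect to port 22. The following is an added example, not part of the original post; the function names and verdict strings are this example's own, and the 5-second timeout is an assumed value.

```python
import errno
import socket
import sys

# Verdict strings are labels chosen for this example.
OPEN = "open: TCP handshake completed, packets reach the SSH service"
REFUSED = "refused: packets arrive, but are rejected or nothing is listening"
SILENT = "no answer: packets are probably being dropped on the way"
UNREACHABLE = "unreachable: a router or firewall returned an ICMP error"


def interpret(exc):
    """Map the exception raised by a failed connect() to a verdict."""
    if isinstance(exc, ConnectionRefusedError):
        # A firewall "reject" rule produces this, but so does a host
        # with no firewall rule at all and no sshd on the port.
        return REFUSED
    if isinstance(exc, (socket.timeout, TimeoutError)):
        # A "drop" rule gives the client nothing to react to.
        return SILENT
    if isinstance(exc, OSError) and exc.errno in (errno.EHOSTUNREACH,
                                                  errno.ENETUNREACH):
        return UNREACHABLE
    return "error: %s" % exc


def probe(host, port=22, timeout=5.0):
    """Attempt one TCP connection and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return OPEN
    except OSError as exc:
        return interpret(exc)


if __name__ == "__main__":
    # Usage: python probe.py <server-address>
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(target, "port 22 ->", probe(target))
```

A "refused" result together with an empty firewall log suggests checking whether sshd is actually listening on the external interface; a "no answer" result points at a drop rule or at filtering somewhere upstream of the server.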


