Re: Need advice on setting of an SSH server for untrusted users

From: Kenneth (jjjkkklll_at_cox.net)
Date: 09/16/05

  • Next message: Darko Gavrilovic: "Re: Use iptables to block all non-US ssh traffic"
    Date: Fri, 16 Sep 2005 12:22:47 -0700
    
    

    On Fri, 16 Sep 2005 14:01:19 -0400, General Schvantzkoph wrote:

    <snip>

    >
    > Did a chmod 777 on all user directories so that nobody can see anybody
    > else's files.
    >

    Ummmm, 777 gives everyone complete permission. Don't you want something
    like 700?

    > SSH on all of my internal machines requires RSA authentication and none of
    > them have any keys from the SSH server in their authorized_keys files.
    >
    > I put the SSH server in the /etc/hosts.deny file on all of the other
    > systems on my LAN.

    Nothing wrong with this. Your SSH server should be configured to not
    respond to SSH packets from the internal network and/or firewalled to be
    sure.

    >
    > I disabled Samba and NFS on the SSH server, I don't actually use either
    > but I turned off the mounter just in case.

    Good idea, but if you want to be paranoid, then remove packages such as
    these, so there is no chance they could be started.

    >
    > Using webmin I disabled rlogin, rexec and rsh access from that SSH server
    > on all machines that have those services.
    >
    > I removed the web browsers from the system.
    >
    > What else should I do?
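
The 700-versus-777 point raised in the reply above, as an added example that is not part of the original message: a POSIX shell check that lists per-user directories whose mode grants anything to group or other, plus a helper that resets them to 700. The function names and the base-directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread.
# audit_homes and lock_homes are hypothetical helper names; BASE is
# whatever directory holds the per-user directories (e.g. /home).

# Print "PERMS PATH" for every directory directly under BASE whose mode
# gives any permission to group or other (777, 755, 750, ...).
audit_homes() {
    base=$1
    for d in "$base"/*/; do
        [ -d "$d" ] || continue        # glob matched nothing
        d=${d%/}
        [ ! -L "$d" ] || continue      # ignore symlinks to directories
        # First 10 characters of ls -l output: file type + rwx triplets.
        perms=$(ls -ld "$d" | cut -c1-10)
        case $perms in
            d???------) ;;             # owner-only, e.g. 700
            *) printf '%s %s\n' "$perms" "$d" ;;
        esac
    done
    return 0
}

# Reset every directory reported by audit_homes to 700 (owner-only).
lock_homes() {
    audit_homes "$1" | while read -r perms path; do
        chmod 700 "$path" && printf 'fixed %s (was %s)\n' "$path" "$perms"
    done
}

# Usage (as root): audit_homes /home    then    lock_homes /home
```

A directory at 777 shows up as `drwxrwxrwx`; after `lock_homes` it reads `drwx------`, so other accounts can neither list nor enter it.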

