Re: Need advice on setting of an SSH server for untrusted users
From: Kenneth (jjjkkklll_at_cox.net)
Date: Fri, 16 Sep 2005 12:22:47 -0700
On Fri, 16 Sep 2005 14:01:19 -0400, General Schvantzkoph wrote:
> Did a chmod 777 on all user directories so that nobody can see anybody
> else's files.
Ummmm, 777 gives everyone complete permission. don't you want something
like 700 ?
> SSH on all of my internal machines require RSA authentication and none of
> them have any keys from the SSH server in their authorized_keys files.
> I put the SSH server in the /etc/hosts.deny file on all of the other
> systems on my LAN.
Nothing wrong with this. Your SSH server should be configured to not
respond to SSH packets from the internal network and/or firewalled to be
> I disabled Samba and NFS on the SSH server, I don't actually use either
> but I turned off the mounter just in case.
Good idea, but if you want to be paranoid, then remove packages such as
these, so there is no chance they could be started.
> Using webmin I disabled rlogin, rexec and rsh access from that SSH server
> on all machines that have those services.
> I removed the web browsers from the system.
> What else should I do?