
Re: [cobalt-security] sshd security tweaking



If only you require SSH access to the server, deny all access via hosts.deny
to ssh (sshd: ALL) then add your host to the hosts.allow file (sshd:
your.host). This is how I have my RaQ3 set up: deny all access to sshd and
ftp to everyone, then just add the hosts of users who require shell access.

-John
----- Original Message -----
From: "David Garcia Watkins" <dgw@xxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Wednesday, April 03, 2002 9:53 AM
Subject: Re: [cobalt-security] sshd security tweaking


> Hi,
>
> Lines in the config file are commented, because they are the default values
> for each option. If you want to change a value, uncomment it, and change it.
>
> Changing the port could fool some port scanners, not all. But it's still a
> good addition to your security measures.
>
> Protocal actually spells Protocol, maybe this is your problem?
>
> And, yes, it's a good idea to disable SSH1.
>
> David Garcia Watkins
> dgw@xxxxxxxxxx
>
> ----- Original Message -----
> > Since I, as server admin, am the only person needing shell access, I was
> > thinking of changing the port to which sshd listens to something more
> > obscure, rather than the default 22. Does this help?
> >
> > Would it be done in the /etc/ssh/sshd_config file? It seems that every
> > line in that file is commented out in the version of ssh I downloaded from
> > http://pkgmaster.com/.
> >
> > I have uncommented the line to stop direct root login myself.  I also
> > uncommented the line listing just Protocal 2, but that caused an error when
> > I tried logging in.  Should I still attempt to turn off acceptance of SSH1
> > as well?
> >
> > Is this all done in the same config file?
> >
> > Thanks for advice!
> > Rod.
> >
> >
>
>
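
An added example, not part of the original thread or of any poster's code: a small checker for the sshd_config situation discussed above, showing that a misspelled keyword such as "Protocal" leaves the default in force, just as a commented line does. The default values, both sample files, and port 2222 are assumptions made for the illustration.

```python
import difflib

# Keyword subset and defaults ASSUMED for this example (an OpenSSH build of
# that era: port 22, both protocols accepted, root login allowed).
DEFAULTS = {"port": "22", "protocol": "2,1", "permitrootlogin": "yes"}

# Constructed sample mirroring the file described in the thread.
SAMPLE = "#Port 22\nProtocal 2\nPermitRootLogin no\n#PasswordAuthentication yes\n"
# Constructed corrected file; port 2222 is an arbitrary illustrative choice.
FIXED = "Port 2222\nProtocol 2\nPermitRootLogin no\n"

def audit(text):
    """Return (effective settings, findings) for sshd_config text."""
    effective, findings, seen = dict(DEFAULTS), [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a commented line leaves the built-in default in force
        parts = line.split(None, 1)
        key = parts[0].lower()  # sshd_config keywords are case-insensitive
        if key not in DEFAULTS:
            # Near-miss of a keyword we track: report the likely typo.
            guess = difflib.get_close_matches(key, list(DEFAULTS), n=1, cutoff=0.8)
            if guess:
                findings.append(f"line {lineno}: unknown keyword {parts[0]!r}, "
                                f"did you mean {guess[0]!r}?")
            continue  # other keywords are outside this example's scope
        if key not in seen:  # sshd keeps the first value given for a keyword
            seen.add(key)
            effective[key] = parts[1].strip() if len(parts) > 1 else ""
    if "1" in [v.strip() for v in effective["protocol"].split(",")]:
        findings.append("SSH protocol 1 is still accepted")
    if effective["permitrootlogin"].lower() != "no":
        findings.append("direct root login is still allowed")
    if effective["port"] == "22":
        findings.append("sshd still listens on the default port 22")
    return effective, findings

if __name__ == "__main__":
    for name, text in (("as described", SAMPLE), ("corrected", FIXED)):
        effective, findings = audit(text)
        print(name, effective)
        for finding in findings:
            print("  -", finding)
```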