LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Reply
 
Search this Thread
Old 05-04-2005, 01:52 PM   #1
maxque
LQ Newbie
 
Registered: Apr 2005
Location: Vancouver
Distribution: Debian
Posts: 28

Rep: Reputation: 15
How do you configure machine seucurely that mortals can log into?


hello:

I am maintaining a linux server for a friend who will be traveling for up to two years. He does photography and also maintains his own web log for. He had coded the html himself. He wants the independence of his own server because there are no content restriction or space restrictions.

The problem is this: I need a way to allow him to log in remotely from places which will not have sophisticated computers. Mostly he will have access only to Windows and Putty. Carrying around public and private keys and loading them on strange computers around the country/world is just not workable. Right now ssh is becoming more and more paranoid and the required security just goes up. I would love to reduce the security level on ssh but this seems really difficult.

What good is a machine if you can't log in to it? I need sane workable security, not perfect security! Any suggestions?

maxque
 
Old 05-04-2005, 01:59 PM   #2
msound
Member
 
Registered: Jun 2003
Location: SoCal
Distribution: CentOS
Posts: 465

Rep: Reputation: 30
what will he be doing on the server while he's logged in? if hes just going to be uploading new web content and pictures then i would just have him do it through php/apache.

have him setup a password protected directory on his website that contains a page that will allow him to upload pictures through http. that will keep all of your backdoor services (ssh, telnet, ftp) secure, and itll be an easy way for him to add new content to his site from any computer with internet access.

you should be able to find a cool file upload script at hotscripts.com. of course this is all assuming he has php/apache installed on his server.
 
Old 05-04-2005, 03:22 PM   #3
maxque
LQ Newbie
 
Registered: Apr 2005
Location: Vancouver
Distribution: Debian
Posts: 28

Original Poster
Rep: Reputation: 15
Quote:
Originally posted by msound

have him setup a password protected directory on his website that contains a page that will allow him to upload pictures through http. that will keep all of your backdoor services (ssh, telnet, ftp) secure, and itll be an easy way for him to add new content to his site from any computer with internet access.

you should be able to find a cool file upload script at hotscripts.com. of course this is all assuming he has php/apache installed on his server.
Don't all the secure protocols like password authentication in apache run from the same secure subsytems? They call all works through OpenSSL. To authenticate to a web server will require a certificate and since it will be self-signed it becomes problematic.

The other problem I have is that although my ISP says I have a static IP adress. I know that it is a dhcp assigned one and only a hard-ware ethernet address. Reverse look-ups don't work! I have no idea what will happen when I try to configure a mail server on this machine.

I still may end up useing apache/php though I think he wants more control over his machine than that would allow.

max
 
Old 05-04-2005, 03:26 PM   #4
msound
Member
 
Registered: Jun 2003
Location: SoCal
Distribution: CentOS
Posts: 465

Rep: Reputation: 30
well yeah apache/php wont give him any control over the machine, it would just provide an easy way to upload new content to his web site.

im not exactly sure how htaccess works in apache. all i know is that its a secure way to password protect your website directories. the page content wouldnt be encrypted or anything, it would just prevent public users from uploading their data to the site, because they wouldnt have access to the upload script.

but youre right, if he wants to do more than that on the server you'll have to come up with a better solution. just thought id throw the suggestion out there.
 
Old 05-04-2005, 10:47 PM   #5
emetib
Member
 
Registered: Feb 2003
Posts: 482

Rep: Reputation: 33
in the /etc/ssh/sshd_config there is a line that you can add-
AllowUsers

you can put yourself, and him there, then that's all that would be able to connect to the sshd. have him make up a messed up username, so that it's not easily guessed.

depending on the systems that he has access to, he could take a live distro with him on a usb flash drive. put a key on that, and then he has instant access that is now key driven and not passwd driven.

just an idea.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
how to configure two lan cards on one machine b0nd Linux - Networking 4 10-06-2005 10:55 AM
looking at my auth.log, did I someome get into my machine? BrianK Linux - Security 2 05-23-2005 11:25 AM
Can not log in to RedHat machine squinn Red Hat 3 04-19-2005 04:52 PM
Shut down machine after log of uuccu Linux - General 1 11-24-2004 02:48 PM
sombody knows how to configure my kernel for my new machine ? balki Mandriva 4 06-20-2004 03:39 AM


All times are GMT -5. The time now is 11:05 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration