Securing a system and its SSH install for access from the outside

TheOneKEA · 07-07-2004, 10:18 AM

I have OpenSSH v3.6.1p2-19 installed into a Fedora Core 1 distro on my firewall machine. I currently have RSA passphrases set up and can SSH into the machine easily.

Is there a good online source of information on how to secure this machine's SSH installation so that I can unblock incoming connections to port 22 in my firewall, and allow me to SSH into my machine from the Internet?

I can provide the configuration files on request.

qwijibow · 07-07-2004, 10:41 AM

just update, make sure you are running the very latest secure version.
also, chnage the default setup so the server does not run as root, and only has access it needs.

TheOneKEA · 07-07-2004, 10:59 AM

Quote:

Originally posted by qwijibow
just update, make sure you are running the very latest secure version.
also, chnage the default setup so the server does not run as root, and only has access it needs.

Thanks for the tip. Is there a specific version of OpenSSH I should install?

iainr · 07-07-2004, 11:11 AM

Take a look at www.openssh.org. v3.8.1p1 looks like the latest.

TheOneKEA · 07-07-2004, 03:27 PM

Thanks, I'll have a look.

BTW, I'm having a bit of trouble with ssh-agent. I use graphical logins on my Red Hat 9 machine, and I have an .Xclients file which does the following to start my windowing environment, XFce 4:

Code:

#!/bin/bash
[ -x /usr/bin/ssh-agent -a -z "$SSH_AGENT_PID" ] && \
exec /usr/bin/ssh-agent /usr/bin/startxfce4 || exec /usr/bin/startxfce4

Yet ssh-agent never gets started. I

and it said that if a commandline is given to ssh-agent, it will shut down when the command in the commandline shuts down - yet I don't see it in the process list after login. Any ideas?