LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 11-07-2003, 08:29 AM   #1
toastermaker
Member
 
Registered: Oct 2003
Location: coastal alabama, united states
Distribution: Mandrake 10.0 official, slackware 9.1
Posts: 219

Rep: Reputation: 30
How to further configure Ssh?


Googling for" networking" and "Ssh" for newbies has led mostly back to the man pages for ssh at some point in the tutorial/help files.
I have read man ssh a few times but still need some/a lot of help.

I have alwasy used trial and error and perserverance to help make up for my inability/slowness at understanding more complicated materials.
This leads to where I am now.

I have Ssh "working" on my lan, I can load and use apps from box A on box B and vice versa. (Thanks to Demonbane and tgflynn for helping me get this far)

Now I want to configure Ssh for security from and while on the internet

If there is a Windows style tutorial (takes me by the hand , line by line, the next window will look like this, type this here etc...) please point me to it.

If not please tell me the - most relevent - lines/paragraphs to study in the ssh man page for what might be the easyist to configure options for security for a newbie.

Also in particular I did not see if Ssh defaults to protocol 1 or 2 or none?

Did I post this in the correct forum as I , myself am still an extreme newbie even though (I think) this is a networking problem?

Continued gratitude to all those who help us newbies.

Last edited by toastermaker; 11-07-2003 at 09:18 AM.
 
Old 11-07-2003, 08:59 AM   #2
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 416Reputation: 416Reputation: 416Reputation: 416Reputation: 416
First, make sure you are using the newest version of OpenSSH. There have been several security fixes lately, so it is worth checking. There are a couple of settings in your sshd_config file that are worth doing. First is the AllowUsers setting. If it isn't in your sshd_config, you can add it with a text editor. Basically, the users listed on the AllowUsers line are the ONLY users that are allowed to connect via ssh. On my box, I'm the only user listed there. Also be sure that PermitRootLogin is set to no. There is absolutely no reason to allow root ssh access.


Of course, if you are security minded, you are going to be running a firewall and turning off unneeded services. You should also investigate an intrusion detection system like Snort and a file check system like Aide or Tripwire. These are especially critical if your computer is exposed to the internet. They won't stop an intruder, but if the worst happens, you will have a good record of what got changed.
 
Old 11-07-2003, 09:00 AM   #3
mossy
Member
 
Registered: Aug 2003
Location: USexIRL
Distribution: *nix
Posts: 849

Rep: Reputation: 30
firstly you will want to get the latest version or the updates for it as Open ssh recently released some important security updates. ssh is pretty much already configged for security - that is what it is all about "secure shell" It runs on port 22 so you can port forward to you ssh server [or pc running the sshd]. THere are some really interesting things you can do with it. As far as security goes - just start using it once you have the latest version or your current version patched.
 
Old 11-07-2003, 09:03 AM   #4
mossy
Member
 
Registered: Aug 2003
Location: USexIRL
Distribution: *nix
Posts: 849

Rep: Reputation: 30
Hangdog42 has some good advice for other parts of the OS but I use root access for administering my server all the time so I have this enabled in SSH.
 
Old 11-07-2003, 09:10 AM   #5
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 416Reputation: 416Reputation: 416Reputation: 416Reputation: 416
Quote:
but I use root access for administering my server all the time so I have this enabled in SSH
Do you play in traffic too?

I don't mean to be a smartass, but this strikes me as a really bad idea. Why do you log in as root instead of allocating the needed functions with sudo?
 
Old 11-07-2003, 09:16 AM   #6
mossy
Member
 
Registered: Aug 2003
Location: USexIRL
Distribution: *nix
Posts: 849

Rep: Reputation: 30
I am not familiar with sudo...enlighten me!
 
Old 11-07-2003, 09:24 AM   #7
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 416Reputation: 416Reputation: 416Reputation: 416Reputation: 416
Basically, sudo allows you to give normal users the permission to run commands that are normally reserved for root. You'll definitely want to check out the Sudo Main Page.
 
Old 11-07-2003, 09:41 AM   #8
mossy
Member
 
Registered: Aug 2003
Location: USexIRL
Distribution: *nix
Posts: 849

Rep: Reputation: 30
thanks man I will check it out.
 
Old 11-07-2003, 09:52 AM   #9
hw-tph
Senior Member
 
Registered: Sep 2003
Location: Sweden
Distribution: Debian
Posts: 3,032

Rep: Reputation: 58
Or, you could just log in as yourself (not root). When you're in you can type su and when prompted, the root password. You'll see the $ prompt change to # to indicate that you're root. When you're done doin your root stuff, type exit to go back to your normal self.

Håkan
 
Old 11-07-2003, 10:02 AM   #10
mossy
Member
 
Registered: Aug 2003
Location: USexIRL
Distribution: *nix
Posts: 849

Rep: Reputation: 30
hw-tph - that's what I do but I think I'll look into sudo.
 
Old 11-07-2003, 04:12 PM   #11
toastermaker
Member
 
Registered: Oct 2003
Location: coastal alabama, united states
Distribution: Mandrake 10.0 official, slackware 9.1
Posts: 219

Original Poster
Rep: Reputation: 30
Thanks for the excellent replies.
I will check my version of ssh and then look at my sshd_config file.

Continued gratitude to all those who help us newbies

easylaterT
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
how to setup rsh or configure ssh properly cheeku Linux - Software 5 03-30-2006 08:47 AM
Help:how to configure ssh in colinux 0.6.2(debian 2.6 image) sssslang Linux - Security 1 08-22-2005 09:32 AM
configure terminal to send keepalives for ssh naijaguy Linux - Newbie 3 03-22-2005 05:40 PM
ssh ./configure problem mrobb Red Hat 1 08-05-2004 03:08 PM
How do I install/configure ssh? Sm1ler Linux - Networking 7 04-16-2004 05:36 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 09:15 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration