security probe
 

Sir

I am using RHEL3 as our internet server(squid proxy)in my office.
one of my collegue using PUTTY to access inter server, coz he knows the root passwd.

can u pls tell me to block PUTTY to access this important server without change root passed. is there any other options?


thanks in advance


soumalya

Does this server need to offer ssh access? Even if you do, you can disable root ssh logins. Actually, you should do that in any case.

Edit /etc/ssh/sshd_config:
From
#PermitRootLogin yes
to
PermitRootLogin no

Thanks 4 ur reply

is this the way to block accessing ssh and telnet?

Blocking ssh root login would be useless if your coworker was clever enough to add himself to the wheel group...this would allow him to login as a normal user then su to root.

You can add rules to iptables to drop packets from his machine, or you could disable sshd completely. Telnet shouldn't be used anyhow, so it's best to shut it off, too.

If you require ssh access, you can set up a strict iptables rule set to deny connections from anyone but certain machines...but without changing the root password, you still have to consider the physical security of the machine (if your coworker can access the machine directly, he can login as root since he knows the password).

My advice would be to a) set up iptables for strict rules, or b) disable sshd/telnet.

And I'd change the root password regardless!

then what will be the best solution to stop accessing ssh and telnet from client.


can u give the steps



thanks again

Go ahead and restrict SSH access to clients that you trust and change the root password. If you have a root password that has been divulged, it needs to be changed. This will also remove su/sudo and physical access risks.