IPChains (was: Installing OpenSSH)
On Fri, 7 Jul 2000, Ira Abramov wrote:

> > Am I secure now?
>
> most probably an IPchains script should help.

I just moved back from Frame Relay to ISDN, so I updated my firewall+masq script for the new setup. feel free to use it as a start point, although it needs much revision. remember to change the interface type if you don't use ISDN and all the masquerading stuff with eth1 if you are not into home networking.

any security fixes or other ideas will be gladly accepted!

http://www.scso.com/linux/dialfirewall.init.html

--
Ira Abramov, GNU/Linux advocate.
"Akamai, Google, MicroSoft, Sun, Oracle, Intel, NASA, Sony, Python, JPG, PNG - CS masturbation is changing the world." -- C.S. answering to Linus, 3/7/2000

To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Installing OpenSSH
Richard Fiedler wrote:

> I heard what all of you were saying about security and installed OpenSSL, OpenSSH, and the OpenSSH Server. I see now a sshd listening on port 22.
>
> How do I get this all to work now? Is there no configuration? I wish to connect with my Macintosh Powerbook G3. How do I do it?

The default should be quite reasonable. You can find the configuration files (assuming you installed from the RPMs I know) at /etc/ssh. If not, try /usr/local/etc/ssh.
Re: Installing OpenSSH
Ira Abramov wrote:

> On Fri, 7 Jul 2000, Richard Fiedler wrote:
>
> > I heard what all of you were saying about security and installed OpenSSL, OpenSSH, and the OpenSSH Server.
>
> SSL for the webserver?

No. OpenSSH doesn't contain any cryptographic algorithms. Instead, it gets them from the OpenSSL package. This has nothing to do with implementing SSL itself. As far as I understand this, SSH is NOT based on SSL.
Re: Installing OpenSSH
Ira Abramov wrote:

> On Fri, 7 Jul 2000, Richard Fiedler wrote:
>
> > I heard what all of you were saying about security and installed OpenSSL, OpenSSH, and the OpenSSH Server.
>
> SSL for the webserver?

If I'm not mistaken, openSSL are the libs that openSSH needs (required by the rpm's of openSSH)

> > How do I get this all to work now? Is there no configuration? I wish to connect with my Macintosh Powerbook G3. How do I do it?
> >
> > Am I secure now?
>
> most probably an IPchains script should help.

I wish it was that nice and simple, but you're on the way to be better secured. I'm hardly a security expert, but I'm aware of those matters (and, it's on my "Waiting list"...). If you intend investing some resources on this matter, I suggest taking that IPchains advice from Ira (Ira, I made a quick search through IGLU site and IGLU on Egroups site, and couldn't find that ipchains script you posted a few months ago. Can you repost that link/script ? [perhaps putting it on Egroups-IGLU files]).

I also suggest using TCPwrapper, as another line of defense (and early warning). TCPwrapper are pretty easy to set up.

OpenSSH documentation really lacks. You can start with http://www.tac.nyc.ny.us/~kim/ssh/

General security matters can be found at http://www.securityportal.com/lasg/

But there are many, many sites on the net on this subject.

Boaz.
Re: Installing OpenSSH
On Sun, 9 Jul 2000, Boaz Rymland wrote:

> > SSL for the webserver?
>
> If I'm not mistaken, openSSL are the libs that openSSH needs (required by the rpm's of openSSH)

ok, I live and learn new stuff each day...

> that IPchains advice from Ira (Ira, I made a quick search through IGLU site and IGLU on Egroups site, and couldn't find that ipchains script you posted a few months ago. Can you repost that link/script ? [perhaps putting it on Egroups-IGLU files])

it is, as before, here: http://www.scso.com/linux/firewall.init.html

very out of date, and won't work as is because it's a quick (and erroneous) edit of my FR-intended script not fully adapted to ppp. but it's a good skeleton to start with. I will re-release once I rebuild it for netfilter (kernel 2.4)

> I also suggest using TCPwrapper, as another line of defense (and early warning). TCPwrapper are pretty easy to set up.

ssh supports linking to libtcpd during compile. for inetd-intended daemons, I suggest daemontools and tcpserver from DJB. I never use inetd anymore now.

--
Ira Abramov, GNU/Linux advocate.
"Akamai, Google, MicroSoft, Sun, Oracle, Intel, NASA, Sony, Python, JPG, PNG - CS masturbation is changing the world." -- C.S. answering to Linus, 3/7/2000
Installing OpenSSH
I heard what all of you were saying about security and installed OpenSSL, OpenSSH, and the OpenSSH Server. I see now a sshd listening on port 22.

How do I get this all to work now? Is there no configuration? I wish to connect with my Macintosh Powerbook G3. How do I do it?

I see the following listening on the tcp ports through netstat.

CGServer - my mail server (primary purpose of server)
X - ???
kdm - ???
httpd - Web server for web based mail services
gpm - ???

Am I secure now?

I have two real domain names ready - thefiedlerfamily.org and orotlev.net

Next week I put it on a frame relay connection in the real world.

Help as always is greatly appreciated.
Re: Installing OpenSSH
On Fri, 7 Jul 2000, Richard Fiedler wrote:

> I heard what all of you were saying about security and installed OpenSSL, OpenSSH, and the OpenSSH Server.

SSL for the webserver?

> How do I get this all to work now? Is there no configuration? I wish to connect with my Macintosh Powerbook G3. How do I do it?

get a macintosh ssh client, search on google.

> CGServer - my mail server (primary purpose of server)

never heard of it, donno if it's secure, what's wrong with exim or qmail or sendmail or...?

> X - ???
> kdm - ???

should be neutralized from listening to external TCP sockets, check to make sure they are indeed open to the world!

> httpd - Web server for web based mail services
> gpm - ???

should not be listening on TCP, are you sure it's GPM?

> Am I secure now?

most probably an IPchains script should help.

--
Ira Abramov, GNU/Linux advocate.
"Akamai, Google, MicroSoft, Sun, Oracle, Intel, NASA, Sony, Python, JPG, PNG - CS masturbation is changing the world." -- C.S. answering to Linus, 3/7/2000
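The check asked for in the reply above (confirm which of the listed daemons are really open to the world), as an added example that is not part of the original thread. The netstat output is constructed (only sshd on port 22 and the program names come from the thread), and the allow-list and function names are assumptions.

```shell
#!/bin/sh
# Added example: flag TCP listeners reachable from the network that are
# not on an allow-list of services meant to be public.

ALLOWED="sshd CGServer httpd"   # assumption: the intended public services

# Constructed `netstat -tlnp` output (Linux net-tools format). Ports other
# than 22 and all PIDs are invented for the example.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN  412/sshd
tcp        0      0 0.0.0.0:25       0.0.0.0:*        LISTEN  388/CGServer
tcp        0      0 0.0.0.0:80       0.0.0.0:*        LISTEN  455/httpd
tcp        0      0 0.0.0.0:6000     0.0.0.0:*        LISTEN  501/X
tcp        0      0 0.0.0.0:1024     0.0.0.0:*        LISTEN  498/kdm
tcp        0      0 127.0.0.1:1025   0.0.0.0:*        LISTEN  377/gpm
EOF
}

# Reads netstat output on stdin and prints "program port" for every
# listener that is bound to a non-loopback address and is not allowed.
unexpected_listeners() {
    awk -v allowed="$ALLOWED" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^tcp6?$/ && $6 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)        # text after the last colon
            host = $4; sub(/:[^:]*$/, "", host)    # text before it
            if (host ~ /^127\./ || host == "::1") next   # loopback only
            prog = $7; sub(/^[0-9]+\//, "", prog)  # strip the "PID/" prefix
            # Without root, netstat prints "-" instead of the program name;
            # report those too rather than silently trusting them.
            if (prog == "" || prog == "-") prog = "unknown"
            if (!(prog in ok)) print prog, port
        }'
}

# On a live host: netstat -tlnp | unexpected_listeners
sample_netstat | unexpected_listeners
```

Anything this prints is a candidate for being rebound to loopback, disabled, or blocked at the packet filter before the host goes on a public link.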