Thanks for the great suggestions. Thanks Peter for the good article. It was well laid out and easy to follow.
I will have to look into the rest of the suggestions more.

Thanks,
Dan

> I consider most of these steps pretty paranoid, since ssh is pretty
> secure in the first place (at least the current version anyways).
>
> Besides the things mentioned by other people:
> Do you have physical security?
> BIOS and GRUB/LILO passwords might help the casual physical attack
> Have only the required ports open, use nmap to verify (locally and
> remotely).
> You are fully patched right?
> All non-used user accounts closed
> All open accounts have NULL passwords (use ssh-keys for access)
> Do you have backups?
> Are they secure as well.
> Do you need encrypted swap?
> Encrypted FS?
>
> On Fri, Aug 01, 2003 at 11:50:41AM -0700, Daniel Hurt wrote:
> >
> > I know the title is kind of redundant, but I was curious if there is
> > anything beyond these couple of steps that I have taken to secure ssh?
> >
> > First I have edited the /etc/securetty to contain only these entries:
> > tty1
> > tty2
> > tty3
> > tty4
> > tty5
> > tty6
> >
> > This is to allow root to login from the local console only. I have also
> > edited the sshd_conf file to disallow root logins. This box is sitting
> > behind a router that only has port 22 forwarded to this machine and I have
> > setup the router so that it does not respond to ping request from the
> > outside world. The final thing, I could think of is to set hosts.allow to
> > the certain IP's that I might connect from, but I would like to connect
> > from anywhere to this machine. Is there anything else that I might
> > consider to help keep the machine secure?
> > _______________________________________________
> > vox-tech mailing list
> > [EMAIL PROTECTED]
> > http://lists.lugod.org/mailman/listinfo/vox-tech
>
> --
> Bill Broadley
> Mathematics
> UC Davis
