
Re: How to set up and configure ssh and telnet access in Linux 7.2



If you have installed Red Hat version 7.2, then _be sure_ that you update
your version of SSH that you are using. Check for your version by doing:

rpm -qa | grep ssh

Assuming you are running OpenSSH, then have a look at:

	http://www.openssh.org/security.html

to get a feel for why you might want to start out with a newer version of
SSH. From rpmfind.net I was able to find an OpenSSH 3.5p1 rpm for Red Hat.
From the Red Hat site I could find a 3.4p1-2 version at:
	
	http://www.redhat.com/apps/download/

by searching on the string 'openssh'.

If you want to see some discussions of how to use SSH practically see my
SSH presentation from the last AfNOG workshop in 2002:

	http://www.ws.afnog.org/afnog2002/track1/security/index.htm

Whatever you do, you _definitely_ want to run SSH vs. Telnet, and SCP vs.
FTP (you can use SFTP as well). If you let your users in via Telnet,
your security will be compromised. Note, other protocols that send user
passwords in the clear by default are POP and IMAP as well as HTTP for
Webmail. You should consider using an SSL certificate for all three to
make them secure as well.

Good luck.

Sincerely,
	- Hervey Allen for nsrc.org

On Mon, 02 Jun 2003 20:22:24 +0300 (EAT)
ziggy at one2net.co.ug wrote:

> 
> Paul
> 
> I think by default the ssh daemon should be running; you can cross-check
> that by doing an lsof -i:22 (if you have lsof) or do a normal telnet to
> port 22. Next, what you can do is allow that user's IP to connect to port
> 22.
> 
> Look below if you use IPCHAINS; if not, please go to Google and have a
> look at some iptables commands to allow ssh connections.
> 
> [snip]
> 
> #SSH
> $IPCHAINS -A input -p tcp -s xx.xx.xx.xx -d $OUTERNET 22 -j ACCEPT
> 
> [/snip]
> 
> xx == your friend's IP address
> 
> This user will need a /bin/bash shell so that they don't get thrown off
> when they try to log onto your box; you can issue a useradd with a -s
> /bin/bash if your system doesn't assign a "bash" shell by default.
> Basically the most important things to set up are the firewall setting and
> the shell for the user. Paul, what mail problem do you have? Maybe we could
> help you with that too so that you can learn how to set up a mailserver
> without anyone's assistance :). Why do you need to give telnet access also?
> I am sure ssh access will be good enough. This is just the basic setup; you
> can look into other security features for ssh access when you get the
> hang of using the tools that you have on your Redhat box. I stand to be
> corrected on this. Before I forget, you might also want to give this user
> sudo rights because I am sure if he/she is going to do some work on your
> mailserver he/she might need root rights, or you could always give them
> your "root" passwd if you REALLY trust them :).
> 
> cheers
> 
> Ziggy
> 
> > Hello colleagues,
> >
> > Please, I have just installed my Linux box, version 7.2, and I need
> > assistance on how to give telnet and ssh access to a user I created from
> > the user manager to have access to my Linux box so that he can assist
> > me to configure the mail server for receiving and sending of mail.
> > Thanks very much for your cooperation.
> > ajayi
> 
> -----
> This is the afnog mailing list, managed by Majordomo 1.94.5
> 
> To send a message to this list, e-mail afnog at afnog.org
> To send a request to majordomo, e-mail majordomo at afnog.org and put
> your request in the body of the message (i.e use "help" for help)
> 
> This list is maintained by owner-afnog at afnog.org
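
The `rpm -qa | grep ssh` check from the message can be scripted. The following is an added example, not part of the original thread: it reads `rpm -qa` output and lists OpenSSH packages older than a minimum you choose (3.4p1 here, one of the versions named in the message). The function name `ssh_rpm_outdated` and the sample package list are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag OpenSSH RPMs older than a chosen minimum version.
# Input: `rpm -qa` style lines (name-version-release) on stdin.
# Real use:  rpm -qa | grep ssh | ssh_rpm_outdated 3.4p1

ssh_rpm_outdated() {
    # $1 = minimum acceptable version, e.g. 3.4p1 (major.minor[.patch]pN)
    awk -v min="$1" '
    # Turn "3.4p1" or "3.0.2p1" into one comparable integer.
    function key(v,    nums, p, k) {
        p = 0
        if (match(v, /p[0-9]+$/)) {        # portable patch level, e.g. p1
            p = substr(v, RSTART + 1) + 0
            v = substr(v, 1, RSTART - 1)
        }
        split(v, nums, ".")
        k = (nums[1] + 0) * 1000000
        k = k + (nums[2] + 0) * 10000
        k = k + (nums[3] + 0) * 100        # missing third part counts as 0
        return k + p
    }
    # Match openssh, openssh-server, openssh-askpass-gnome, ... but not openssl.
    /^openssh(-[a-z]+)*-[0-9]/ {
        n = split($0, f, "-")
        ver = f[n - 1]                     # version is the second-to-last field
        if (key(ver) < key(min)) { print $0; bad = 1 }
    }
    END { exit (bad ? 1 : 0) }             # non-zero when something is outdated
    '
}

# Constructed sample input (not real output from any host).
SAMPLE_RPMS='openssh-2.9p2-7
openssh-server-2.9p2-7
openssh-clients-3.5p1-1
openssl-0.9.6b-8'

printf '%s\n' "$SAMPLE_RPMS" | ssh_rpm_outdated 3.4p1 \
    || echo "The packages listed above are older than 3.4p1; update them."
```

The function exits non-zero when any package is below the minimum, so it can gate a cron job or a post-install checklist.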
