[WBEL-users] does anyone have any suggestions for setting up a remote SSH server using WB 3.0?

[Benjamin J. Weiss]

On Wed, 29 Sep 2004, Van Loggins wrote:

> I need to make it as secure as possible.
> 
> I currently have a old Celeron 700 MHz system running Fedora Core 1 
> working as a remote SSH server, but since fedora has dropped official 
> support for it, and I keep getting numerous attempts to log into the 
> system using nonexistant accounts from different IP addresses 
> (unsuccessful so far), I feel that I need something more secure.
> 
> I'm replacing the large clunky Celeron 700 MHz system with a much more 
> streamlined Mini-Itx system, this way I take up less cabinet space, and 
> get the same performance. I have loaded the unit with WhiteBox Linux 3.0 
> and it seems to work very well on it. The unit has a Epia Via C3 800 MHz 
> processor, 128 megs of ram, and a 4.3 gig laptop hard drive. No CD-Rom 
> or Floppy. I used a USB CD-RW drive to install WB 3.0 onto it.
> 
> The system needs to be configured to allow 3 different people to connect 
> into it from any IP address on the internet, absolutely no SSH root 
> Access (authorized users will use su to switch to root if needed), and 
> if possible I would like to configure the system so that it will drop an 
> ip address using iptables if more than 4 or 5 attempts are made from it 
> to log into the system using either a nonexistant account or as root. 
> Also the old system is configured not to allow X to work through SSH, so 
> I plan on setting the new system up the same way
> 
> The new system also does not have X installed or configured
> 
> any suggestions you can offer me on ways to accomplish my goal are most 
> welcome.

One thing that you should do is to change the Protocol 2,1 line to only 
have protocol 2.  Protocol 1 has some nasty holes in it.  Don't forget to 
restart the sshd service afterwards.