[WBEL-users] does anyone have any suggestions for setting up a
remote SSH server using WB 3.0?
Benjamin J. Weiss
Benjamin J. Weiss" <benjamin@birdvet.org
Wed, 29 Sep 2004 12:42:45 -0500 (CDT)
On Wed, 29 Sep 2004, Van Loggins wrote:
> I need to make it as secure as possible.
>
> I currently have a old Celeron 700 MHz system running Fedora Core 1
> working as a remote SSH server, but since fedora has dropped official
> support for it, and I keep getting numerous attempts to log into the
> system using nonexistant accounts from different IP addresses
> (unsuccessful so far), I feel that I need something more secure.
>
> I'm replacing the large clunky Celeron 700 MHz system with a much more
> streamlined Mini-Itx system, this way I take up less cabinet space, and
> get the same performance. I have loaded the unit with WhiteBox Linux 3.0
> and it seems to work very well on it. The unit has a Epia Via C3 800 MHz
> processor, 128 megs of ram, and a 4.3 gig laptop hard drive. No CD-Rom
> or Floppy. I used a USB CD-RW drive to install WB 3.0 onto it.
>
> The system needs to be configured to allow 3 different people to connect
> into it from any IP address on the internet, absolutely no SSH root
> Access (authorized users will use su to switch to root if needed), and
> if possible I would like to configure the system so that it will drop an
> ip address using iptables if more than 4 or 5 attempts are made from it
> to log into the system using either a nonexistant account or as root.
> Also the old system is configured not to allow X to work through SSH, so
> I plan on setting the new system up the same way
>
> The new system also does not have X installed or configured
>
> any suggestions you can offer me on ways to accomplish my goal are most
> welcome.
One thing that you should do is to change the Protocol 2,1 line to only
have protocol 2. Protocol 1 has some nasty holes in it. Don't forget to
restart the sshd service afterwards.