[WBEL-users] does anyone have any suggestions for setting up
a remote SSH server using WB 3.0?
Van Loggins
vloggins@turbocorp.com
Thu, 30 Sep 2004 07:52:57 -0400
Benjamin J. Weiss wrote:
>On Wed, 29 Sep 2004, Van Loggins wrote:
>
>
>
>>I need to make it as secure as possible.
>>
>>I currently have a old Celeron 700 MHz system running Fedora Core 1
>>working as a remote SSH server, but since fedora has dropped official
>>support for it, and I keep getting numerous attempts to log into the
>>system using nonexistant accounts from different IP addresses
>>(unsuccessful so far), I feel that I need something more secure.
>>
>>I'm replacing the large clunky Celeron 700 MHz system with a much more
>>streamlined Mini-Itx system, this way I take up less cabinet space, and
>>get the same performance. I have loaded the unit with WhiteBox Linux 3.0
>>and it seems to work very well on it. The unit has a Epia Via C3 800 MHz
>>processor, 128 megs of ram, and a 4.3 gig laptop hard drive. No CD-Rom
>>or Floppy. I used a USB CD-RW drive to install WB 3.0 onto it.
>>
>>The system needs to be configured to allow 3 different people to connect
>>into it from any IP address on the internet, absolutely no SSH root
>>Access (authorized users will use su to switch to root if needed), and
>>if possible I would like to configure the system so that it will drop an
>>ip address using iptables if more than 4 or 5 attempts are made from it
>>to log into the system using either a nonexistant account or as root.
>>Also the old system is configured not to allow X to work through SSH, so
>>I plan on setting the new system up the same way
>>
>>The new system also does not have X installed or configured
>>
>>any suggestions you can offer me on ways to accomplish my goal are most
>>welcome.
>>
>>
>
>One thing that you should do is to change the Protocol 2,1 line to only
>have protocol 2. Protocol 1 has some nasty holes in it. Don't forget to
>restart the sshd service afterwards.
>
>
>
Thanks to all who had suggestions about this.
I was able to set ssh up on this system and get it configured to do what
I wanted pretty much.
I locked down the firewall to only allow traffic in to the system on
port 110 and 22
the system is protected by a hardware firewall which only allows access
to the system thru port 22. I opened the software firewall to allow 110
so i could pop the system from our internal network So I can get the
system logs sent to root each day.
I still have some minor stuff to do, but I'm pretty close to being ready
with this system.
Whitebox Linux works very well on this system. :)
thanks again
Van
--
Van Loggins vloggins@turbocorp.com
Assistant System Administrator - ESC Dept
_
-o)
/\\
_\_v
Linux User #316727
678-989-3052
Turbo Logistics
http://www.turbocorp.com