[cobalt-security] Improve sshd
- Subject: [cobalt-security] Improve sshd
- From: Fred <journal@xxxxxxx>
- Date: Thu, 26 Apr 2001 00:37:51 +0200
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Thanks Adam
All is all right ;-)
My sshd is now on a different port
Is there any other option in the sshd config that could be great to change
in order to improve security ?
Thanks again
Fred
"First step in security"
> Firstly make sure your SSH client handles protocol 2, most good ones do,
> then locate the config file sshd_config which usually resides in /etc/ssh
> you will see in the first few lines something like :-
> Port 22
> Protocol 1,2
> change it to something like :-
> Port 52
> Protocol 2
> This will change the standard port of 22 into 52 and force protocol 2 to
> be used.
> Locate the start script in /etc/rc.d/rc3.d
> and type something like ./S55sshd restart
> Make sure you can login using the new port and protocol (don't forget to
> configure client) and assuming everything is fine logout of your old
> session, that's it. If in doubt leave it alone.
> I am making the assumption you are using the latest version of openssh.
> Adam
> *********** REPLY SEPARATOR ***********
> On 25/04/2001 at 18:47 Fred wrote:
>>Hello Adam
>>
>>I agree with you
>>
>>A neophyte question please (I have Raq3 )
>>How do you configure ssh2 on a non-standard listening port ?
>>
>>Do it with interface ? or in shell ? Which commands ? (complete list
>>please)
>>
>>May this not
>>
>>Frederic
>>"First step in security"
>>
>>> SSH1 logins can also be sniffed and cracked in a switched environment, use
>>> SSH2 on a non-standard listening port
>>
>>> Adam
>>
>>> *********** REPLY SEPARATOR ***********
>>
>>> On 25/04/2001 at 15:41 Reinoud van Leeuwen wrote:
>>
>>>>> Reinoud van Leeuwen wrote:
>>>>> > If you login through *telnet* over a public network, you have a lot
>>>>> > to worry about! Telnet is so insecure, people can just sniff your
>>>>> > password to get into your box... (no hacking needed)
>>>>>
>>>>> Which people are those who can sniff your password? Network
>>>>> administrators and such, but how does an 'ordinary' user watch the
>>>>> internet promiscuously?
>>>>
>>>>Anyone on the same LAN segment (it does not matter whether it is switched
>>>>or not*) can sniff your traffic. So unless you control all the links
>>>>between your workstation and the server you log in, you cannot be sure
>>>>that you are not sniffed. This is usually the case in normal office
>>>>environments, or people that connect through an ISP to their servers.
>>>>If your workstation is on a dedicated management LAN, where you can trust
>>>>all the hosts (and you are 100% sure that they are not 0wn3d), it is
>>>>another case.
>>>>
>>>>* it is not very hard for a hacker to put a switch in a broadcasting
>>>>device mode, so switching does not increase security on this point
>>>>_______________________________________________
>>>>cobalt-security mailing list
>>>>cobalt-security@xxxxxxxxxxxxxxx
>>>>http://list.cobalt.com/mailman/listinfo/cobalt-security
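
The edit Adam describes (Port 22 / Protocol 1,2 changed to Port 52 / Protocol 2), as an added example that is not part of the original thread. It works on a copy of the config so the current login session is not at risk; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Edits a copy of sshd_config so the
# running daemon and your open session are untouched until you have tested.

# first_value FILE KEYWORD: argument of the first uncommented KEYWORD line.
# Keywords are case-insensitive in sshd_config.
first_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# set_port_protocol SRC DST PORT: write DST as SRC with the Port line replaced
# and Protocol pinned to 2; either line is appended if SRC never set it.
set_port_protocol() {
    awk -v port="$3" '
        /^[ \t]*#/                { print; next }
        tolower($1) == "port"     { if (!p) print "Port " port; p = 1; next }
        tolower($1) == "protocol" { if (!q) print "Protocol 2"; q = 1; next }
        { print }
        END { if (!p) print "Port " port; if (!q) print "Protocol 2" }
    ' "$1" > "$2"
}

# audit FILE: print the two settings; succeed only if protocol 2 alone is on.
audit() {
    proto=$(first_value "$1" Protocol)
    port=$(first_value "$1" Port)
    echo "$1: Port ${port:-unset} Protocol ${proto:-unset}"
    [ "$proto" = "2" ]
}

# Constructed sample input matching the "before" state quoted in the thread.
demo_dir=$(mktemp -d)
printf '%s\n' '# sample sshd_config (constructed)' 'Port 22' 'Protocol 1,2' \
    > "$demo_dir/sshd_config.before"
set_port_protocol "$demo_dir/sshd_config.before" "$demo_dir/sshd_config.after" 52

audit "$demo_dir/sshd_config.before" || echo "  -> SSH1 still accepted"
audit "$demo_dir/sshd_config.after"  && echo "  -> protocol 2 only"
```

On current OpenSSH, `sshd -t -f <file>` checks the edited copy for syntax errors before it replaces the live config. If the file contains `Match` blocks, put the two keywords at the top by hand, because lines appended at the end would fall inside the last block.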