#1
SSH Security
Hey guys,
I've got a webhosting box, and some of my clients want SSH access. Are there any security holes/precautions that I should be aware of? Is it possible for a user to access anything outside of their account? etc.
#2
Well, SSH is actually giving them all their rights as a user on that computer. So it is like the user is in front of the computer, logged in. Everything there is what they can do through SSH.
Now you should be very cautious with file rights: make sure that there are no passwords in files readable/writable by the users. Make sure they can't execute anything that they do not need to execute. Make all other users' files unreadable. Things of that sort. Keep your box up to date so you do not have to worry about security issues. Also disable root login through SSH.
#3
|
||||
|
||||
|
*sigh*
OK, here's the deal. Yes, you give them access to your box; no, it isn't giving them root. Set restrictions carefully for them. Also, to repeat some of the above post, make sure you chown/chmod files properly first, don't want anyone deleting important files... To give shell access: usermod username +s (use --help on that to get a full listing). Remember, it's worth taking time to ensure your system files are protected: chown -R root:root /root /etc /usr and chmod -R 755 /root /etc /usr etc.... enjoy
#4
|
|||
|
|||
|
Quote:
Sorry, but that's rather bad advice. Among many other problems your suggestion would cause, you'd set the shadow password file world readable? WHY?
M.
__________________
-- Manuel Hirsch - Linux, FreeBSD, programming, administration articles, tutorials and more.
#5
|
||||
|
||||
|
Quote:
Umm, you have a fair point. Make that 700.
__________________
~James
#6
|
|||
|
|||
|
Quote:
No, forget about this completely. You'll fsck the filesystem permissions. Not everything in /etc must be owned by root. Same for /usr. 0700 will kill many programs.
If you want to know more about the default permissions, check out "mtree". /etc/mtree/ contains files describing the _correct_ permissions for each file. Leave it as is, FreeBSD local security is mostly OK by default. But check everything in /usr/local.
M.
#7
|
|||
|
|||
|
So should I be chown'ing any files?
#8
|
|||
|
|||
|
Quote:
No, unless you created them. You can "chmod -s" to remove SUID binaries, but don't change anything else without knowing _exactly_ what you're doing and why.
M.
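A read-only way to check the points raised in this thread (setuid binaries, loose permissions under a tree such as /usr/local, root login over SSH), added here as an example and not written by any of the posters. The function names are made up for illustration, and the sshd_config path is whatever your system uses.

```shell
#!/bin/sh
# Added example: audit helpers that only list findings and change nothing.
# Typical use after sourcing: report /usr/local /etc/ssh/sshd_config

# List setuid/setgid regular files under a tree (candidates for "chmod -s").
find_suid_sgid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# List world-writable files and directories, skipping symlinks and
# sticky directories (the normal mode for shared dirs such as /tmp).
find_world_writable() {
    find "$1" -xdev ! -type l -perm -0002 \
        ! \( -type d -perm -1000 \) -print 2>/dev/null
}

# Print the first global PermitRootLogin value in an sshd_config file,
# or "unset" if there is none. sshd keeps the first value it reads for a
# keyword; parsing stops at the first Match block, since settings inside
# it are conditional.
root_login_setting() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# usage: report TREE SSHD_CONFIG
report() {
    echo "== setuid/setgid files under $1"
    find_suid_sgid "$1"
    echo "== world-writable paths under $1"
    find_world_writable "$1"
    echo "== PermitRootLogin in $2: $(root_login_setting "$2")"
}
```

An "unset" result means the daemon's built-in default applies, which differs between OpenSSH versions and platforms, so check the sshd_config manual page on the box itself.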
Dev Shed Forums > Operating Systems > BSD Help > SSH Security