Secure tjener...

To: debian-edu@lists.debian.org
Subject: Secure tjener...
From: Maximilian Wilhelm <max@rfc2324.org>
Date: Sun, 27 Jun 2004 23:20:08 +0200
Message-id: <[🔎] 20040627212007.GC1003@rfc3514.org>
Mail-followup-to: debian-edu@lists.debian.org

Hi!

Because of Kerberos I though about security in SLX, in particular
securing tjener...

So my idea was to add 
AllowGroups admins
to sshd_config, to restrict shell-access to admins only.

It experienced that this has a nice side-effect:
 You cannot login as root anymore.
Andreas told me that this might be bad if LDAP has died.
(So I added "root" to the AllowGroups line and it worked again)

It might be interesting to talk about that, to find a consense, what
to do here.

Another interesting thing would be what to do if we are on a tjener + LTSP
maschine, because it is rather senseless to ensure ssh access but leave
open KDM and console login or things like that. Of course this does not
deny anthing other that ssh, so the LTSP and other services could be
used as before.

I would vote to add this line to the sshd_config of tjener (to add this
on other maschines is rather useless, see above).

Optinions?

Ciao
Max
-- 
	Follow the white penguin.

Reply to:

Prev by Date: Tjener does Kerberos...
Next by Date: Re: Re: Call for French and German translators.
Previous by thread: Re: Tjener does Kerberos...
Next by thread: DESA-2004-007 - apache: buffer overflow
Index(es):
- Date
- Thread