
Re: Lot of questions on Debian services



On  0, programing@nib.si wrote:
> Hi.
> 
> I want to 'secure' one machine in such a way to avoid clear text
> authentication on various services.
> 1.: I want to secure FTP. Now I'm using pro-ftpd which provides SSL also.
> The problem is that if you want to use SSL, you must use a special client
> (ex. on Windows you can use Filezilla). Is there a way to tell pro-ftpd to
> accept ONLY SSL connections? Is there any other FTP server on Debian that
> supports SSL and possibly SSH (SCP) too?

sshd supports ssh and scp.  I'd ditch ftp altogether.

> 2.: I want to force a SFTP (SCP) session to chroot in the user home
> directory. I'm using Debian Woody. Is there any 'prepatched' .deb package
> of OpenSSH that supports this? I checked the internet but didn't find any
> good tutorial on how to manually patch .deb packages. I played with one
> source .deb package, but this is all. Is there any good howto document
> that describes how to apply patches on debian source and then build a
> .deb package so that in near future it can be uninstalled (I think that
> it should cover .deb versioning too).

I don't know about this, but I think it should be an ssh configuration
(PAM maybe?), not a patch for a deb.

> 3.: Is there any simple way to upgrade MySQL and OpenLDAP (slapd) packages
> from Woody to any packages that support SSL connection or I have to
> recompile them as described in 'Second:'?

I thought there were packages in non-free for OpenLDAP/ssl, but I
can't find them at the moment and breakfast is burning.

> 4.: I'm now using a Courier IMAP server. There are some users that
> prefer to use SSH connections over Webmail to read their e-mail. I write a
> simple script that prevents them from entering shell commands (they can only
> use mutt and pine). Is there any package that already implements something
> similar? I want to grant them the homedir browsing capability (but that
> they don't have permission to go in any upper directory). I see on one
> system that they use Lynx for this purpose, but I didn't find a method to
> limit filesystem access to file://~ . And what about various limited
> shells? I see that there are lshells which simplify the user resource
> limiting, but is there any shell written specifically for a limited access to
> the system?

Once you get the chroot thing happening this is no longer an issue.

> 5.: Is there any s-key pam.d module or any similar module on Debian which
> I can use to substitute a simple telnet authentication?

Don't know.

> 6.: I'm looking into how to implement a VPN server so that my users can
> connect from the internet. I found IP-Sec (FreeSWan). Is there any better
> possibility (from any point of view)? Is it necessary to patch the kernel
> with SSL patch to get encryption and why isn't the patch a part of the
> kernel (is it due to export rights)?
> 10x for any answer.

Can't answer this, but I know a number of people around here use
freeswan, it seems to be the way to go.

Sorry I can't be of more help.
Tom
-- 
Tom Cook
Information Technology Services, The University of Adelaide

"Not to limit itself to play in a sand vat."
	- Google translation of, "not to be stuck in a sandbox."

Get my GPG public key: https://pinky.its.adelaide.edu.au/~tkcook/tom.cook-at-adelaide.edu.au
