Securing debian box
Hi,

I have a Debian box on my home network (currently running Sarge, and
when I have two seconds to rub together I'll upgrade to Etch). I want to
be able to ssh into the machine from outside the home network, e.g. if
I'm at a coffee shop with a WAP. Using sftp is also desirable.

Now, obviously I want to make it as difficult as possible for
unauthorized people to get access to the machine. Now, if I've done my
background reading thoroughly enough, then I want to force private key
authentication, disable root login, and disable password authentication.

I've set the following options in my sshd_config (these aren't all the
options, just the ones that appear to me to be relevant to my question):

PermitRootLogin no
RSAAuthentication no
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM yes
Subsystem sftp /usr/lib/openssh/sftp-server

Oh, and when this is all OK, I'll set up port forwarding on my firewall
to send port 22 to the machine in question.

Anything I've overlooked?

TIA!

--
Jim Hyslop
Dreampossible: Better software. Simply. http://www.dreampossible.ca
Consulting * Mentoring * Training in
C/C++ * OOD * SW Development & Practices * Version Management
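
An added example, not part of the original message: a small Python check of sshd_config text against the goals stated in the post (key-only authentication, no root login, no password logins). The function names and the WEAKENED sample are constructed for illustration, and POSTED is a subset of the posted options; the check keeps the first value seen for each keyword, as sshd does, and compares keywords case-insensitively.

```python
# Added example (not from the post); names and WEAKENED are constructed.
REQUIRED = {  # goal values, taken from the options listed in the post
    "permitrootlogin": "no",
    "pubkeyauthentication": "yes",
    "passwordauthentication": "no",
    "challengeresponseauthentication": "no",
    "permitemptypasswords": "no",
}

POSTED = """\
PermitRootLogin no
PubkeyAuthentication yes
PermitEmptyPasswords no
ChallengeResponseAuthentication no
PasswordAuthentication no
"""

# Constructed: an early lowercase line takes precedence over the later "no".
WEAKENED = """\
passwordauthentication yes
PermitRootLogin no
PubkeyAuthentication yes
ChallengeResponseAuthentication no
PasswordAuthentication no
"""

def effective_settings(text):
    """Map lowercased keyword -> value, keeping the first occurrence."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        value = parts[1].strip() if len(parts) > 1 else ""
        seen.setdefault(parts[0].lower(), value)
    return seen

def audit(text):
    """Return (keyword, problem) pairs; an empty list means every goal is met."""
    found = effective_settings(text)
    problems = []
    for key, want in REQUIRED.items():
        got = found.get(key)
        if got is None:
            problems.append((key, "not set, relies on the default"))
        elif got.lower() != want:
            problems.append((key, "is %r, expected %r" % (got, want)))
    return problems
```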