Re: Securing debian box

To: debian-user@lists.debian.org
Subject: Re: Securing debian box
From: Alexander Wasmuth <alex@wasmuth.org>
Date: Sat, 24 Feb 2007 09:04:12 +0100
Message-id: <[🔎] 20070224080411.GA9190@elmo.gyod.net>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 45DF6524.8090808@dreampossible.ca>
References: <[🔎] 45DF6524.8090808@dreampossible.ca>

* Jim Hyslop wrote:

> PermitRootLogin no
> RSAAuthentication no
> PubkeyAuthentication yes
> IgnoreRhosts yes
> RhostsRSAAuthentication no
> HostbasedAuthentication no
> PermitEmptyPasswords no
> ChallengeResponseAuthentication no
> PasswordAuthentication no
> UsePAM yes
> Subsystem sftp /usr/lib/openssh/sftp-server

I've also added "Protocol 2" to omit ssh 1 and I set UsePam to no
because I wasn't able to prohibit password authentication with PAM
enabled.

Restricting the allowed users is probably a good idea, too:

 AllowUsers you

Also I am using iptables to limit the per-ip connection tries in a given
amount of time: <http://www.debian-administration.org/articles/187>.

Cheers,
Alex

Reply to:

Follow-Ups:
- Re: Securing debian box
  - From: Franck Joncourt <joncourt_franck@yahoo.co.uk>
- Re: Securing debian box
  - From: Jim Hyslop <jhyslop@dreampossible.ca>

References:
- Securing debian box
  - From: Jim Hyslop <jhyslop@dreampossible.ca>

Prev by Date: [ot] Videogame RPG Linux Project search programmers
Next by Date: Re: Securing debian box
Previous by thread: Re: Securing debian box
Next by thread: Re: Securing debian box
Index(es):
- Date
- Thread