|
-
December 31st, 2001, 06:51 PM
#11
Member
Wow..
Thanks alot. I am at work now, and I have to go to my g/f's and eat black eye'd peas so I dont get bad luck next year! You know that tradition.
But once I get home I will try all of your suggestions, thanks alot for the explanation of the UID and GUID's.
thanks,
Jason
__________________________
Caution: in case of rapture, this computer will be unoccupied!
-
January 1st, 2002, 07:51 AM
#12
Member
Ok,
OK..
I telnet'd localhost on port 22, it connected, I don't know much about it so I didn't know what to do. If I knew some commands I could have tested it further.
Then I did a "ssh -l Admin localhost" typed in password and connected, correct me if I am wrong, if I ssh it is encrypted, if I telnet it is not?
Would it just be safe to not set passwd's on all of the users, if there is no password does that mean someone can telnet in and login w/ any account (default) without a pwd?
Also:When using KDE User manager I get an error pop-up, signal 11 (SIGSEV) is what it says.
What else do I need to do? Do I nned ipchains and iptables running? Redhat firewall seems to only block ip's and not filter attacks/requests of services.
Going by the ssh setup it says I should goto the /etc/hosts.allow and put in "sshd: all", newbie question but whats the diff between sshd and ssh?
Should I set /etc/hosts.deny to "all" and host.allow to "sshd: all" because ssh is the only service I am running?
Ssh talks about keys and things like that, is that nessecary? because I'm working on a home network, I want to be able to carry "putty.exe" around on a floppy in my pocket to have remote acces to my pc at all times. If possible.
I am going to stop now, before I overwhelm people w/ q's.
1:42am 1/1/2002 Hapy NewYear!
Thanks...
Jason
__________________________
Caution: in case of rapture, this computer will be unoccupied!
-
January 2nd, 2002, 01:28 PM
#13
Member
Concerning SSH, I have to answer for some questions above (Vorlin) :
- when you install SSH from the package with RPM, it creates automaticaly the keys for your system (tested on my Mandrake 8.1). Otherwise, you need to make it by hand (I made so on my RedHat 6.2)
- secondly, SSHD is not started automaticaly with xinetd, you need to find his entry in xinetd and enable it.
- third, if you want to ssh from a windowz box to your linux, you can use PuTTY a freeware that will do telnet and ssh :
http://www.chiark.greenend.org.uk/~sgtatham/putty/
Hope it helps.
A+ hantiz./
Linoux c\'est de la bombe bébé !
-
January 2nd, 2002, 02:21 PM
#14
Member
How do I enable it in xinetd?
I was in IRC w/ evil last night and he thinks my box is pretty secure. I want to make sure everything works first before I put it online.
Any RHN users out there? I have always had problems when upgrading kernels, I tried twice with the help of Ms.Mittens (Thanks Ms.Mittens, twas my ignorance that brought on the problems,. not yours)
I am tempted to register my pc on the RHN (RedHat Network) and let it automate the downloading of new/upgrade rpms. It only upgrades the packages I have installed.
A downside I can see is that I have Dial-Up, if the files are small then it wouldn't be too bad.
-Thanks,
Jason
__________________________
Caution: in case of rapture, this computer will be unoccupied!
-
January 2nd, 2002, 02:57 PM
#15
Hantiz: that's correct. SSH will auto-create for root but that's a relatively new feature of ssh, as older versions didn't do that. Thanks for the correction. 
Jason-mis: telnet is non-encrypted plain-text across a network. Anyone with a sniffer could and would see passwords, user names, etc. SSH on the other hand, is completely encrypted and while a sniffer would still pick up the traffic, it wouldn't be able to be decrypted.
SSHD is the server binary while SSH is the binary executable. Notice: you won't be able to ssh to another box if that other box doesn't have sshd running.
Example:
# /usr/local/sbin/sshd
#
If you entered that and got the command prompt, you then had sshd started. To verify:
# ps -ef | grep -i sshd
This will give you a line of information, with the last column showing /usr/local/sbin/sshd (or whatever path it was installed on). If you see that, it's running.
As for passwords, other than root, the other accounts can be locked (asterix * in front of the password or go through the gui and lock them manually). A lot of them should already be locked because the system uses them, not typical users. Root should have a very secure password, 6-8 characters both upper and lowercase, with at least 1 number and 1 special character. A password like '5h1gG1tY' (that's shiggity for those that don't get that word, hehe) is a lot better than 'iluvdogs' or some crap...
RH will warn you if your password chosen is easy to break (aka matching something in the dictionary). Good techniques also include never storing passwords in plaintext files for remembering later, never leave it in plain sight, and don't keep the same password for diff. systems. I worked at a place once where it was "mandatory" for everyone to write their password and tape it to the underside of the keyboard! I got written up because I wouldn't do it, hehe...dumb@sses.
As for hosts.allow and hosts.deny, those are for trusted machines. This allows authentication on the server to be bypassed if the machine's allowed and denied if it's not. That's just a simple explanation. Technically speaking, I'd leave it out.
Hope this helps some. It should help you get on the right track.
We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
