
Re: Hardening OpenSSH



On Fri, 28 Jun 2002, Mailing Lists wrote:

> JUST CURIOUS...BY DEFAULT is OpenSSH as hardened as possible or are there
> config options I can set to max out the security...

"as possible" depends on what you want to use the machine for.


> Situation: I have one laptop I take with me that needs to access an OpenBSD box
> at home, have ODS.org doing my IP redirection...just wanted to make the system
> as secure as possible for when I travel...

if *all* you need to do is ssh to your home server, then make sure your
install included *only* the necessary packages (e.g. no X, no games, etc),
block all incoming traffic, block all outgoing traffic except port 22,
and go through /etc/rc.conf and turn off everything except pf.

now anything you find you need in addition to that, add it in, but nothing
more.

and i probably missed some things you can stop.  why not do a 'ps ax' on
that laptop and decide if you really need some of those things running?
(check their man pages of course, you probably don't wanna kill off init)
then nmap the laptop and decide if there are services open you don't need
open and figure out how to stop those too.


>
> -Dubbs
>

good luck,

-f
http://www.blackant.net/
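
The "decide if there are services open you don't need" step in the reply above can be turned into a repeatable local check. The following is an added example, not part of the original message: the function name `audit_listeners`, the BSD-style `netstat -an -f inet` input format (address and port joined by a dot), and the sample output are all assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list listening sockets whose port is not on an allowlist.
# Assumes BSD-style netstat output, where the local address is "addr.port".

# audit_listeners PORT...
# Reads netstat output on stdin; prints "proto address port" for every
# TCP socket in LISTEN state or unconnected UDP socket not in PORT...
audit_listeners() {
    awk -v allowed="$*" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    ($1 ~ /^tcp/ && $NF == "LISTEN") || ($1 ~ /^udp/ && $5 == "*.*") {
        port = $4; sub(/^.*\./, "", port)      # text after the last dot
        addr = $4; sub(/\.[^.]*$/, "", addr)   # text before the last dot
        if (!(port in ok)) print $1, addr, port
    }'
}

# Constructed sample input (not captured from a real host).
SAMPLE='Active Internet connections (including servers)
Proto   Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp          0      0  192.168.1.20.40122     203.0.113.5.22         ESTABLISHED
tcp          0      0  127.0.0.1.587          *.*                    LISTEN
tcp          0      0  *.22                   *.*                    LISTEN
tcp          0      0  *.6000                 *.*                    LISTEN
udp          0      0  *.514                  *.*
udp          0      0  192.168.1.20.68        *.*'

# Demo: treat only port 22 as expected and report everything else.
# On a live host the input would be:  netstat -an -f inet | audit_listeners 22
printf '%s\n' "$SAMPLE" | audit_listeners 22
```

Each reported line is a candidate for the man-page lookup and /etc/rc.conf review described in the message; an empty result means every listener is on the allowlist.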