Re: [suse-security] harden_sues and SSH
> I have installed a SuSE 7.3 with OpenSSH running correctly, then I decided to run the harden_suse script. Before the script I could both SSH in and out (to another box on the network); now, after the script has run, I cannot SSH out or in.
>
> I am not that familiar with the details of the harden_suse script; does it block ports (22 for ssh)?

Last time I used harden_suse it added a deny rule to /etc/hosts.deny for all hosts, which also blocks incoming ssh. You can add a sshd: all : allow to your /etc/hosts.allow and ssh should be working again. This doesn't fix the outgoing problem, but I think that's not a harden suse problem.

On Sun, 17 Feb 2002, Sven Michels wrote:

sm> > I have installed a SuSE 7.3 with OpenSSH running correctly, then
sm> > I decided to run the harden_suse script. Before the script I could
sm> > both SSH in and out (to another box on the network); now, after the
sm> > script has run, I cannot SSH out or in.
sm> >
sm> > I am not that familiar with the details of the harden_suse script;
sm> > does it block ports (22 for ssh)?
sm>
sm> Last time I used harden_suse it added a deny rule to /etc/hosts.deny
sm> for all hosts, which also blocks incoming ssh. You can add a sshd: all : allow
sm> to your /etc/hosts.allow and ssh should be working again.
sm>
sm> This doesn't fix the outgoing problem, but I think that's not a
sm> harden suse problem.

I believe one of the questions when you launched the harden_suse.pl script was "securing login attempts and only allowing root to logon through the console". I could be mistaken about its intent, but I believe that's what the issue is if you chose YES for that question.

--
S.Toms - smotrs at mindspring.com - www.mindspring.com/~smotrs
SuSE Linux v7.2 - Kernel 2.4.10
(1) Everything depends. (2) Nothing is always. (3) Everything is sometimes.

On Sun, 17 Feb 2002, S.Toms wrote:

st> On Sun, 17 Feb 2002, Sven Michels wrote:
st>
st> sm> > I have installed a SuSE 7.3 with OpenSSH running correctly, then
st> sm> > I decided to run the harden_suse script. Before the script I could
st> sm> > both SSH in and out (to another box on the network); now, after the
st> sm> > script has run, I cannot SSH out or in.
st> sm> >
st> sm> > I am not that familiar with the details of the harden_suse script;
st> sm> > does it block ports (22 for ssh)?
st> sm>
st> sm> Last time I used harden_suse it added a deny rule to /etc/hosts.deny
st> sm> for all hosts, which also blocks incoming ssh. You can add a sshd: all : allow
st> sm> to your /etc/hosts.allow and ssh should be working again.
st> sm>
st> sm> This doesn't fix the outgoing problem, but I think that's not a
st> sm> harden suse problem.
st>
st> I believe one of the questions when you launched the harden_suse.pl
st> script was "securing login attempts and only allowing root to logon
st> through the console". I could be mistaken about its intent, but I believe
st> that's what the issue is if you chose YES for that question.

Also, what it does is modify the sshd_config file located in /etc/ssh and change the PermitRootLogin entry from "YES" to "NO". So if you wanted to get around it, either answer no to that question, or modify the sshd_config file and restart the ssh daemon. How much of a factor this plays into the overall security of that particular question, I don't know, but since it makes it so root can only logon at the console, then a hacker probably can't get access unless (s)he has physical access to the system. Kind of a red pill, blue pill thing: do you want things the way they were, or do you want to follow the little white rabbit?

--
S.Toms - smotrs at mindspring.com - www.mindspring.com/~smotrs
SuSE Linux v6.3 - Kernel 2.2.14
"Earth is a great, big funhouse without the fun." -- Jeff Berner
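
A quick check for the two changes discussed in this thread (the deny-all rule in /etc/hosts.deny and the PermitRootLogin setting in sshd_config), added here as an example; it is not part of the original posts or of harden_suse. The function names and sample files are constructed for illustration, and rule matching is simplified to the daemon list only.

```shell
#!/bin/sh
# Added example, not part of harden_suse. Simplified on purpose: client
# patterns, EXCEPT, options and line continuations are not evaluated.

# Print the first rule in FILE ($1) whose daemon list names DAEMON ($2) or ALL.
wrappers_rule() {
    [ -r "$1" ] || return 0
    awk -F: -v d="$2" '
        /^[ \t]*(#|$)/ { next }                      # comments, blank lines
        { n = split($1, names, /[ \t,]+/)
          for (i = 1; i <= n; i++)
              if (tolower(names[i]) == tolower(d) || toupper(names[i]) == "ALL") {
                  print; exit
              } }' "$1"
}

# tcp_wrappers consults hosts.allow first, then hosts.deny; no match means allow.
sshd_wrappers_verdict() {   # $1 = hosts.allow, $2 = hosts.deny
    if [ -n "$(wrappers_rule "$1" sshd)" ]; then echo "allow-rule-present"
    elif [ -n "$(wrappers_rule "$2" sshd)" ]; then echo "denied-by-hosts.deny"
    else echo "no-wrapper-rule"; fi
}

# Print the first PermitRootLogin value in an sshd_config ($1), or "unset".
permit_root_login() {
    [ -r "$1" ] || { echo "unset"; return 0; }
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# Constructed sample files reproducing the state described in the thread.
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'ALL: ALL\n' > "$tmp/hosts.deny"
    : > "$tmp/hosts.allow"
    printf '# constructed sample\nPermitRootLogin no\n' > "$tmp/sshd_config"
    echo "before fix: $(sshd_wrappers_verdict "$tmp/hosts.allow" "$tmp/hosts.deny")"
    printf 'sshd: all : allow\n' >> "$tmp/hosts.allow"   # line suggested in the thread
    echo "after fix:  $(sshd_wrappers_verdict "$tmp/hosts.allow" "$tmp/hosts.deny")"
    echo "PermitRootLogin: $(permit_root_login "$tmp/sshd_config")"
    rm -rf "$tmp"
}
demo
```

On a real system the same functions can be pointed at /etc/hosts.allow, /etc/hosts.deny and /etc/ssh/sshd_config; "allow-rule-present" only means an sshd rule exists in hosts.allow, not that every client matches it.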

participants (2): S.Toms, Sven Michels