I have set up an ADSL service. Now I would like to set up a telnet service for my friends only, so they can download files to my PC and then have them on a CD. Telnet and ssh are already set up in my box, but I have not been able to find any information on how securing it. I would really love to listen to your advices and pointers to some *cool* information about that. I am planning to read "man bash" in order to limit my remote users, and I would need something more. I am also planning to create a "remote users" group just to limit them more. I do not think it is enough though. Ideas and advices are very welcome! Tazio
On Saturday 28 April 2001 11:38 pm, Tazio Ceri wrote:
I have set up an ADSL service. Now I would like to set up a telnet service for my friends only, so they can download files to my PC and then have them on a CD. Telnet and ssh are already set up in my box, but I have not been able to find any information on how securing it. I would really love to listen to your advices and pointers to some *cool* information about that.
I am planning to read "man bash" in order to limit my remote users, and I would need something more. I am also planning to create a "remote users" group just to limit them more. I do not think it is enough though.
Ideas and advices are very welcome!
Tazio
The Telnet service is completely insecure... when your friends log into your Linux workstation, their usernames and passwords are transmitted across the Internet w/o any encryption at all. It's best to leave this service disabled. SSH (Secure SHell) is the encrypted version of Telnet. All communications from your friends machines to your workstation will be encrypted, so nobody can eavesdrop on the network and get their (or your!) personal information, know what files are being transferred, etc. There are several SSH clients available for Windows, the best (imho) being SecureCRT from Van Dyke Software (www.vandyke.com). You can use it for 30 days for free, but then you have to register it. Linux (of course) has OpenSSH (which is *always* free) or the "real" SSH that you can use for free, if you are non-profit. Most all distributions come with OpenSSH and you can get the real SSH at www.ssh.com. There are several known vulnerabilities in version 1 of SSH, so I suggest using version 2, or SSH2, of either OpenSSH or the "real" SSH server. Have fun and good luck! -Steven
Just use ssh and have your friends download putty which is a free ssh client for Windows. A lot of the Windows users at my job use it to get to our Unix boxes that they have to get to..it works really well. -- Ben Rosenberg mailto:ben@whack.org ----- If two men agree on everything, you can be sure that only one of them is doing the thinking.
On Sat, 28 Apr 2001, Ben Rosenberg wrote: br> Just use ssh and have your friends download putty which is a free br> ssh client for Windows. A lot of the Windows users at my job use br> it to get to our Unix boxes that they have to get to..it works br> really well. br> Putty? Havn't heard of that one, you wouldn't happen to have a URL handy? If not I can search for it. br> -- S.Toms - smotrs@mindspring.com - www.mindspring.com/~smotrs SuSE Linux v7.0+ - Kernel 2.2.18 "If that makes any sense to you, you have a big problem." -- C. Durance, Computer Science 234
I should have sent this the first time..sorry, it slipped my mind. http://www.chiark.greenend.org.uk/~sgtatham/putty/ -- Ben Rosenberg mailto:ben@whack.org ----- If two men agree on everything, you can be sure that only one of them is doing the thinking.
On Sat, 28 Apr 2001, S.Toms wrote:
On Sat, 28 Apr 2001, Ben Rosenberg wrote:
br> Just use ssh and have your friends download putty which is a free br> ssh client for Windows. A lot of the Windows users at my job use br> it to get to our Unix boxes that they have to get to..it works br> really well. br>
Putty? Havn't heard of that one, you wouldn't happen to have a URL handy? If not I can search for it.
You can find it at http://www.chiark.greenend.org.uk/~sgtatham/putty/ and your local tucows mirror has it. Regards Ole
On Sun, Apr 29, 2001 at 05:38:00AM +0200, Tazio Ceri wrote:
I am planning to read "man bash" in order to limit my remote users, and I would need something more. I am also planning to create a "remote users" group just to limit them more. I do not think it is enough though.
Since everyone has proselytized SSH to you, I'll address this bit of your post. The only thing you have to do in order to limit your users is to have them in your passwd file. You don't need to do anything with bash or anything in particular with groups. Just use the Yast -> System administration -> User administration to create the users you want. No one who isn't a user of your system will be able to log into your computer using SSH. -tara
participants (6)
-
Ben Rosenberg
-
Ole Kofoed Hansen
-
S.Toms
-
Steven Hatfield
-
taralee@MIT.EDU
-
Tazio Ceri