On Fri, 22 Jun 2001, Michael D. Schleif wrote:
> LEAF'ers ==>
>
> OK, so far, we're running exclusively as root user.
>
> Usually, we consider the larger number of users, the less secure a given
> system becomes.
>
> Using ssh to remotely access the firewall and without telnet and ftp
> allowed, the firewall appears to be moderately secure.
>
> However, it bothers us that we can use Putty to connect from any machine
> anywhere, as long as we know the root password! Somehow, we thought
> that ssh would be more difficult ;<
>
> Now that we have ``su'' working, it occurs to us that it might be
> prudent -- and, considerably more secure? -- to dis-allow ssh root login
> and create a couple mortal users, only a couple of whom know root
> password.

No-one but root should need to be on the firewall.

> How secure is our firewall?

Depends how well you are managing permissions. I doubt this helps much.

> How have others handled these issues?

If you are concerned, don't allow remote ssh from outside. Or, change
PasswordAuthentication to no in the sshd_config file, and only log in
with public keys instead of passwords.

> What do you think?

Might be best to use ssh v2. If you cannot fit that into your LRP, then
portforward to an internal host and use public keys only.

---------------------------------------------------------------------------
Jeff Newmiller The ..... ..... Go Live...
DCN:<[EMAIL PROTECTED]> Basics: ##.#. ##.#. Live Go...
Live: OO#.. Dead: OO#.. Playing
Research Engineer (Solar/Batteries O.O#. #.O#. with
/Software/Embedded Controllers) .OO#. .OO#. rocks...2k
---------------------------------------------------------------------------
_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-user
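
The two settings suggested in the reply above (PasswordAuthentication set to no, protocol 2 only) can be audited with a small POSIX shell script; this is an added example, not part of the original message. It assumes plain whitespace-separated `Keyword value` lines with no Match blocks, OpenSSH's documented rule that the first value obtained for a keyword is the one used, and an OpenSSH release that still accepts the `Protocol` keyword; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the settings recommended in the reply.

# effective_value FILE KEYWORD: print the value sshd would use for KEYWORD.
# Keywords are case-insensitive and the FIRST occurrence wins, so a later
# "PasswordAuthentication no" does not override an earlier "yes".
effective_value() {
    file=$1
    want=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    while read -r key value rest || [ -n "$key" ]; do
        case $key in ''|'#'*) continue ;; esac      # skip blanks and comments
        key=$(printf '%s' "$key" | tr 'A-Z' 'a-z')
        if [ "$key" = "$want" ]; then
            printf '%s\n' "$value"
            return 0
        fi
    done < "$file"
    return 1                                        # keyword never set
}

# check FILE KEYWORD WANTED: report one setting. An unset keyword counts as a
# failure because the built-in default differs between OpenSSH versions.
check() {
    actual=$(effective_value "$1" "$2") || actual="(unset)"
    if [ "$actual" = "$3" ]; then echo "ok   $2 $actual"; return 0; fi
    echo "FAIL $2 is $actual, want $3"
    return 1
}

# audit_sshd_config FILE: exit status 0 only if both settings are in place.
audit_sshd_config() {
    rc=0
    check "$1" PasswordAuthentication no || rc=1
    check "$1" Protocol 2 || rc=1   # drop on releases without this keyword
    return $rc
}

# write_sample_config FILE: constructed sample with a shadowed duplicate.
write_sample_config() {
    cat > "$1" <<'EOF'
# constructed sample, not a real host's configuration
Port 22
Protocol 2
passwordauthentication yes
#PasswordAuthentication no
PasswordAuthentication no
EOF
}

if [ $# -gt 0 ]; then audit_sshd_config "$1"; fi
```

Run against the constructed sample, the audit fails on PasswordAuthentication: the earlier `yes` line is the effective one, even though a later line says `no`.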