You forgot to mention setting SSH_OVERRIDE_PORT in lts.conf

-Rob

>> David Van Assche wrote:
>>> I'm putting this into documentation:-
>>>
>>> Hardening server by adding 2 ssh sessions
>>>
>>>      The way LTSP works right now makes the ssh handling vulnerable
>>>      to the outside world if you don't block access to port 22 from
>>>      the wan interface entirely. The solution is to create 2 instances
>>>      of ssh, one serving the internal ip on port 22 and one serving the
>>>      wan interface on port 2222. If you only have one interface,
>>>      then both ssh sessions would serve the same interface, but one
>>>      would serve port 22, and the other 2222. This is how to set this
>>>      up:
>>>
>>> sudo cp /etc/init.d/ssh /etc/init.d/ltsp-ssh
>>> sudo cp /etc/default/ssh /etc/default/ltsp-ssh
>>> sudo cp /etc/ssh/sshd_config /etc/ltsp/ltsp-sshd_config
>>> sudo cp /var/run/sshd /var/run/ltsp-ssh
>>> sudo sed -i -e 's/Port 22/Port 2222/' /etc/ltsp/ltsp-sshd_config
>>>
>>> If you are using 2 interfaces also do:
>>>
>>> sudo sed -i -e 's/#ListenAddress 0.0.0.0/ListenAddress 192.168.0.1/' /etc/ltsp/ltsp-sshd_config
>>> sudo sed -i -e 's/#ListenAddress 0.0.0.0/ListenAddress 10.0.0.42/' /etc/ssh/sshd_config
>>>
>>> Replace 10.0.0.42 with the address of your wan facing interface.
>>> You will also need to change the .pid of the new ssh instance:
>>>
>>> echo "PidFile /var/run/ltsp-sshd.pid" | sudo tee -a /etc/ltsp/ltsp-sshd_config
>>> sudo sed -i -e 's|SSHD_OPTS=|SSHD_OPTS="-f /etc/ltsp/ltsp-sshd_config"|' /etc/default/ltsp-ssh
>>> sudo sed -i -e 's|AllowUsers|AllowUsers [EMAIL PROTECTED]/24|' /etc/ltsp/ltsp-sshd_config
>>>
>>> This look about right?
>>>
>>> On Wed, Oct 15, 2008 at 3:56 PM, Gavin McCullagh <[EMAIL PROTECTED]> wrote:
>>>
>>>> Hi,
>>>>
>>>> On Wed, 15 Oct 2008, Oliver Grawert wrote:
>>>>
>>>>
>>>>>> https://blueprints.launchpad.net/ltsp/+spec/dedicated-ltsp-sshd
>>>>>>
>>>>>> As it's low priority, it hasn't really happened though.
>>>>>>
>>>>> note that SSH_OVERRIDE_PORT in lts.conf is supported since a while
>>>>> (pre-hardy even I think) so all that's left is a way to set up the server
>>>>> side more easily
>>>>>
>>>> Great.  I hadn't realised that.  If anyone's interested in getting the
>>>> server side done, it's relatively straightforward, I had it working for a
>>>> while.  I'm happy to lend a hand or help write the config files.  I did it
>>>> on ubuntu before (the blueprint instructions are derived from what I did)
>>>> but I amn't certain how easily one could do it for all platforms.
>>>>
>>>> The ltsp I work on is now not exposed to the net in the same way so it's
>>>> not such an issue to me, but I still think it would be a good step for
>>>> ltsp.
>>>>
>>>> Gavin
>>>>
>>>>
>>>> -------------------------------------------------------------------------
>>>> This SF.Net email is sponsored by the Moblin Your Move Developer's 
>>>> challenge
>>>> Build the coolest Linux based applications with Moblin SDK & win great 
>>>> prizes
>>>> Grand prize is a trip for two to an Open Source event anywhere in the world
>>>> http://moblin-contest.org/redirect.php?banner_id=100&url=/
>>>> _____________________________________________________________________
>>>> Ltsp-discuss mailing list.   To un-subscribe, or change prefs, goto:
>>>>      https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
>>>> For additional LTSP help,   try #ltsp channel on irc.freenode.net
>>>>
>>>>

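A consistency check for the two-sshd layout discussed in this thread, as an added example that is not part of any post or of LTSP itself: it verifies that `SSH_OVERRIDE_PORT` in lts.conf matches the port of the LTSP sshd instance, and that the two daemons do not collide on listener or PidFile. The function names are hypothetical, the sample files are constructed from the ports and addresses in the post, and the script assumes one `Port`/`ListenAddress` per file and `/var/run/sshd.pid` as the default PidFile.

```shell
# Added example, hypothetical names. First value of an sshd_config keyword, else $3.
cfg_value() {
    v=$(awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1")
    echo "${v:-$3}"
}

# Print SSH_OVERRIDE_PORT from lts.conf; assumes clients use 22 when it is unset.
override_port() {
    p=$(sed -n 's/^[[:space:]]*SSH_OVERRIDE_PORT[[:space:]]*=[[:space:]]*"*\([0-9][0-9]*\).*/\1/p' "$1" | tail -n 1)
    echo "${p:-22}"
}

# Args: main sshd_config, LTSP sshd_config, lts.conf. Returns the problem count.
check_ltsp_ssh() {
    problems=0
    main_port=$(cfg_value "$1" Port 22); ltsp_port=$(cfg_value "$2" Port 22)
    main_addr=$(cfg_value "$1" ListenAddress 0.0.0.0)
    ltsp_addr=$(cfg_value "$2" ListenAddress 0.0.0.0)
    # Assumed default PidFile path; adjust for your distribution.
    main_pid=$(cfg_value "$1" PidFile /var/run/sshd.pid)
    ltsp_pid=$(cfg_value "$2" PidFile /var/run/sshd.pid)
    client_port=$(override_port "$3")
    if [ "$client_port" != "$ltsp_port" ]; then
        echo "clients use port $client_port, LTSP sshd listens on $ltsp_port"
        problems=$((problems + 1))
    fi
    if [ "$main_port" = "$ltsp_port" ]; then
        case "$main_addr:$ltsp_addr" in
            0.0.0.0:*|*:0.0.0.0|"$main_addr:$main_addr")
                echo "both daemons bind port $main_port on overlapping addresses"
                problems=$((problems + 1)) ;;
        esac
    fi
    if [ "$main_pid" = "$ltsp_pid" ]; then
        echo "both daemons share PidFile $main_pid"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample files using the ports and addresses from the post.
make_sample() {
    printf 'Port 22\nListenAddress 10.0.0.42\n' > "$1/sshd_config"
    printf 'Port 2222\nListenAddress 192.168.0.1\nPidFile /var/run/ltsp-sshd.pid\n' > "$1/ltsp-sshd_config"
    printf '[default]\nSSH_OVERRIDE_PORT=2222\n' > "$1/lts.conf"
}
dir=$(mktemp -d) && make_sample "$dir"
check_ltsp_ssh "$dir/sshd_config" "$dir/ltsp-sshd_config" "$dir/lts.conf" && echo "layout consistent"
rm -rf "$dir"
```

Point the three arguments at the real `/etc/ssh/sshd_config`, `/etc/ltsp/ltsp-sshd_config` and the lts.conf your thin clients read; a non-zero exit status is the number of mismatches found.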