Hi everyone, Due to a security risk, I always had the following SSH config disabled: Code: # Change to no to disable tunnelled clear text passwords PasswordAuthentication no But the network that I have been on lately disables outbound FTP (I'm not sure if by choice, or they just don't know its blocked). But anyways, I was wondering if the passwords really are transmitted in cleartext like the config file says, if so what is the point of having ftp go through SSH? Thanks everyone
With SSH, the passwords are alway sent encrypted. The directive controls wheter password authentication is allowed or not. See http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5
Not if you have a strong password. You can also disable root logins; that way you must log in as a normal user first and then su to root.
I am wanting to know if there is a way for users on my system to use ssh istead of ftp. I have had my ftp server disabled for months because i have had so many idiots trying to get into it. at one time it was getting hit from almost 50 different ip's at the same time. I am running ubuntu 8.04 with ispconfig and want to be able to use ispconfig for setting up the users like it does with ftp. lee
You can enable shell access for a web site, but keep in mind that this is a big security risk. To protect your FTP server, you can install fail2ban: http://www.howtoforge.com/fail2ban_debian_etch
Thank You Falco this seems to be what I am looking for. However I am confused, I am new to linux and have been told locally to use ssh so I have been reading this thread chrooted ssh http://www.howtoforge.com/forums/showthread.php?t=14661&page=1 what is the better choice. Lee
Falco Can this also be used for DNS? I have got my DNS servers set up so they do not do recursive lookups but people still try, and they hit me real hard sometimes. The other day is I was being hit about 15 to 20 times a second from some russian ip's trying to use my DNS servers to hit AOL.com This lasted about 22 hours before they gave up. Also will the [apache] section cover both ispconfig and webmail? Lee
You as the server admin should use SSH, but I wouldn't grant it to users. You should be fine with normal FTP and fail2ban.
Thank You Falco Fail2ban works great. just what I needed I still have the question about DNS server. In jail.conf it has this warning. what does this mean. I know ip's do not always come from the real source, but do not understand how this leads to a dos attack. like I said new to linux, but it seems like this filter should help stop dos attacks. # Word of Caution: # Given filter can lead to DoS attack against your DNS server # since there is no way to assure that UDP packets come from the # real source IP Lee
