Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: question about OpenSSH in cygwin

from [Nathan Jackson] Network Security [Permanent Link]
Subject: Re: question about OpenSSH in cygwin
Date: Fri, 12 Aug 2005 10:36:49 +0200 
Samor,

A few pointers for you:

1. Disable your guest account
2. Every user on your system should have a password!
3. If you didn't have passwords setup before then the chances are that
your new passwords are weak. I would suggest setting up public key
authentication in SSH as the only means of authenticating to your
machine.

There's a nicely detailed article on how to set this up at
http://www.cs.unm.edu/~venkata/ssh.html

Once you have done this and tested that pubkey auth works, you will
need to modify your sshd_config to turn off passphrase auth and allow
only pubkey auth. It should end up looking like the following (note,
anything commented out in the config file is a default value and
doesn't need changing):

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile     .ssh/authorized_keys

PasswordAuthentication no
#PermitEmptyPasswords no

HTH,

Nathan



On 8/11/05, Sander Morsink <smorsink@planet.nl> wrote:

Hello,

I've succesfully installed openssh under cygwin. (according to
http://pigtail.net/LRP/printsrv/cygwin-sshd.html)

I'd just want to make sure things are set up ok....

my own user account, which has a password now, has ssh access. is it
right that the administrator and guest account don't have access and
that any other account without a password doesn't either? I don't want
them to either, just want to make sure that a smart kid somewhere can't
get in due to some silly thing I forgot to turn off :)

Thanks,



Samor
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  problem with ssh and pam, Jim Judd
Next by Date:  Re: Anyone with a technique for accomplishing chroot using sftp, Bill Moran
Previous by Thread:  question about OpenSSH in cygwin, Sander Morsink
Next by Thread:  problem with ssh and pam, Jim Judd
Indexes:  [Date] [Thread] [Top] [All Lists]