Re: [CentOS] How to create a secure user only for ssh login?




On Wed, 2006-06-14 at 13:22, M. Fioretti wrote:
> > > I've read on several howtos that one way to make ssh more secure,
> > > or at least reduce the damage if somebody breaks in, is to NOT
> > > allow direct ssh login from root, but allow logins from another
> > > user. So you have to know two passwords in order to do any real
> > > damage.
> [...]
> > Normally you would want people to use their own account for the
> > initial login - and to use good passwords so a dictionary attack
> > isn't likely to work.
> 
> I agree, but normal users have no reason to exist on that particular
> box. It is a web and email server, nothing more. Even email is handled
> via virtual users.
> 
> If I create another Unix account (my_aux_login), it will only be so I
> can disable ssh directly as root and then ssh into the box with that
> login, to immediately su to root for system administration. So my
> original question means:
> 
> (must I)/can I reduce as much as possible the privileges/access rights
> of the my_aux_login account? so that if somebody breaks _its_
> password, it won't be able to do anything, including browsing around
> to see what's installed?

You probably can't without breaking something because certain
areas like /tmp are writable by everyone and you must have
read access to the ssh binary and its libraries to execute
them.  However, Linux is designed to be multiuser and non-root
users should not be able to damage anything but their
own files.  You might make sure that any critical data is
under directories that don't have rx permissions for 'other'
and assign a disk quota to this user.  As others have
already suggested, you might also turn off passwords so
you need the ssh key to connect.

-- 
  Les Mikesell
   lesmikesell@xxxxxxxxx
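The three measures in the reply above (no direct root login and no password
authentication in sshd, critical data under directories without rx for
'other') can be checked offline. The script below is an added example for
this archive page, not code from Les Mikesell or the CentOS project. The
sshd_config fragments and the directory tree are constructed inline; the
directive names are real OpenSSH options, and the `AllowUsers my_aux_login`
line is an assumed addition beyond what the thread states. The disk-quota
step is left out because it needs a quota-enabled filesystem.

```shell
#!/bin/sh
# Added example (not from the thread): audit constructed inputs for the
# hardening advice above, so it runs offline without touching a real host.

# Constructed sshd_config fragments; directive names are real OpenSSH
# options, the values are illustrative.
WEAK_SSHD_CONFIG='PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication yes'

HARDENED_SSHD_CONFIG='PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
AllowUsers my_aux_login'

# directive_is CONFIG_TEXT NAME VALUE: true when NAME is explicitly set to
# VALUE. sshd honours the first occurrence, so only the first line counts.
directive_is() {
    printf '%s\n' "$1" | grep -Ei "^[[:space:]]*$2[[:space:]]+" | head -n 1 \
        | grep -Eiq "^[[:space:]]*$2[[:space:]]+$3[[:space:]]*$"
}

# audit_sshd_config CONFIG_TEXT: print one line per finding.
# Returns 0 when the config follows the thread's advice, 1 otherwise.
# An absent directive counts as weak: the compiled-in default for
# PasswordAuthentication is "yes", and an explicit "no" is what we want.
audit_sshd_config() {
    _cfg=$1
    _bad=0
    directive_is "$_cfg" PermitRootLogin no ||
        { echo "WEAK: PermitRootLogin is not 'no' (root reachable directly over ssh)"; _bad=1; }
    directive_is "$_cfg" PasswordAuthentication no ||
        { echo "WEAK: PasswordAuthentication is not 'no' (dictionary attacks stay possible)"; _bad=1; }
    printf '%s\n' "$_cfg" | grep -Eiq '^[[:space:]]*AllowUsers[[:space:]]+' ||
        { echo "WEAK: no AllowUsers line (every local account may try to log in)"; _bad=1; }
    return $_bad
}

# find_other_rx DIR: list directories under DIR that grant 'other' read or
# execute (octal 004 / 001), i.e. places a low-privilege login could browse.
find_other_rx() {
    find "$1" -type d \( -perm -004 -o -perm -001 \) -print | LC_ALL=C sort
}

# demo_directory_check: build a constructed tree in a temp dir, apply the
# "no rx for other" rule to the critical directory, and report what is
# still browsable. Prints paths relative to the temp root.
demo_directory_check() {
    _root=$(mktemp -d) || return 1
    mkdir -p "$_root/www/html" "$_root/private/backups"
    chmod 755 "$_root/www" "$_root/www/html" "$_root/private" "$_root/private/backups"
    chmod o-rx "$_root/private" "$_root/private/backups"   # the thread's advice for critical data
    find_other_rx "$_root" | sed "s|^$_root||" | grep -v '^$'
    rm -rf "$_root"
}

echo "== weak config =="
audit_sshd_config "$WEAK_SSHD_CONFIG" || echo "-> fix sshd_config and restart sshd"
echo "== hardened config =="
audit_sshd_config "$HARDENED_SSHD_CONFIG" && echo "-> ok"
echo "== directories still browsable by 'other' =="
demo_directory_check
```

On a real host you would feed `audit_sshd_config "$(cat /etc/ssh/sshd_config)"`
and point `find_other_rx` at the directories holding mail spools, web
content and backups; anything it lists under a path you consider critical is
what the auxiliary login could read after a password compromise.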


CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
