Wednesday, 03 December 2008

Secure Shell Services for Remote Login

Applicable to: FreeBSD 4.x
Updated: July 17, 2000
This sheet describes the procedure I used to set up OpenSSH for secure (encrypted) remote login services and to disable other services that are known to be security risks. Before performing this procedure, you should review the FreeBSD Security How-To for an overview of security and your FreeBSD system.

Disable potential security threats in /etc/inetd.conf:
#telnet stream tcp nowait root /usr/libexec/telnetd telnetd -l
#shell stream tcp nowait root /usr/libexec/rshd rshd
#login stream tcp nowait root /usr/libexec/rlogind rlogind
#finger stream tcp nowait/3/10 nobody /usr/libexec/fingerd fingerd -s
#exec stream tcp nowait root /usr/libexec/rexecd rexecd

Note: You must either reboot or restart inetd for the above changes to take effect.

Run cvsup to update the crypto sources:
# /usr/local/bin/cvsup -g -L 2 /usr/src/stable-supfile

If you’ve created the /usr/local/bin/cvsrun script, you can instead run:

# /usr/local/bin/cvsrun

If you need help setting up /usr/src/stable-supfile, see the Updating Sources with CVSup cheat sheet.

Edit /etc/make.conf and verify that the following option is not present or is commented out:
NO_OPENSSH= yes

Make the world to build and install the crypto collection. If you need information on making the world, see the Make World cheat sheet.

If not already installed, install the rsaref port:
# cd /usr/ports/security/rsaref && make

You will be prompted to accept the license agreement. Once you agree, the compilation will continue.

# make install && make clean

Generate the OpenSSH host keys:
# /usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key (SSH-1)
# /usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key (SSH-2)

Edit /etc/rc.conf and add the line:
sshd_enable="YES"

Reboot, or start the OpenSSH daemon manually:
# /usr/sbin/sshd

You should be able to log in from a remote computer using software that supports either SSH-1 or SSH-2 (such as Van Dyke Technologies’ SecureCRT).
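To confirm the edits above took hold, the following script audits the three configuration files this sheet touches. It is an added example, not part of the original sheet; the function names are made up for illustration, and it assumes sshd_enable is honoured as YES in any letter case.

```shell
#!/bin/sh
# Added example: audit the files edited in this procedure.
# Paths are parameters so the checks can be run against copies.

# Print each risky inetd service that is still enabled, i.e. a line whose
# first field is the bare service name (commented lines start with '#').
enabled_risky_services() {
    awk '$1 ~ /^(telnet|shell|login|finger|exec)$/ { print $1 }' "$1" | sort -u
}

# True if make.conf carries an active (uncommented) NO_OPENSSH assignment.
openssh_build_disabled() {
    grep -Eq '^[[:space:]]*NO_OPENSSH[[:space:]]*=' "$1"
}

# True if the last sshd_enable assignment in rc.conf is YES.
# rc.conf is sourced as shell, so a later assignment overrides an earlier one.
sshd_enabled() {
    val=$(sed -n 's/^[[:space:]]*sshd_enable=//p' "$1" |
          tail -n 1 | sed 's/#.*//' | tr -d "\"' \t")
    case $val in
        [Yy][Ee][Ss]) return 0 ;;
        *)            return 1 ;;
    esac
}

# Run every check, print one line per finding, return non-zero on any finding.
audit() {
    inetd=${1:-/etc/inetd.conf}; mk=${2:-/etc/make.conf}; rc=${3:-/etc/rc.conf}
    bad=0
    for svc in $(enabled_risky_services "$inetd"); do
        echo "FAIL: $svc is still enabled in $inetd"; bad=1
    done
    if [ -f "$mk" ] && openssh_build_disabled "$mk"; then
        echo "FAIL: NO_OPENSSH is set in $mk"; bad=1
    fi
    if ! sshd_enabled "$rc"; then
        echo "FAIL: sshd_enable is not YES in $rc"; bad=1
    fi
    [ "$bad" -eq 0 ] && echo "OK: configuration matches the sheet"
    return "$bad"
}
```

Source the script and run audit with no arguments to check the live files under /etc, or pass three paths to check copies.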

Ref.: http://www.freebsddiary.org/
