Securing-Optimizing-RH-Linux-1_2_189
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®

Configuration of the “/etc/pam.d/ssh” file

For better security of your ssh2 server, you can configure it to use PAM authentication. To do that, you must create the “/etc/pam.d/ssh” file.

Create the ssh file (touch /etc/pam.d/ssh) and add or change, if necessary:

#%PAM-1.0
auth       required     /lib/security/pam_pwdb.so shadow
auth       required     /lib/security/pam_nologin.so
account    required     /lib/security/pam_pwdb.so
password   required     /lib/security/pam_cracklib.so
password   required     /lib/security/pam_pwdb.so use_authtok nullok md5 shadow
session    required     /lib/security/pam_pwdb.so

Further documentation

For more details, there are several man pages you can read:

$ man ssh-add2 (1)    - adds identities for the authentication agent
$ man ssh-agent2 (1)  - authentication agent
$ man ssh-keygen2 (1) - authentication key pair generation
$ man ssh2 (1)        - secure shell client (remote login program)
$ man sshd2 (8)       - secure shell daemon

Ssh2 Per-User Configuration

Step 1
Create your private and public keys on local by executing:

[root@deep /]# su admin
[admin@deep /]$ ssh-keygen2
Generating 1024-bit dsa key pair
   6 Oo..oOo.oOo.
Key generated.
1024-bit dsa, admin@deep.openarch.com, Sun Feb 13 2000 05:33:38 -0500
Passphrase :
Again      :
Private key saved to /home/admin/.ssh2/id_dsa_1024_a
Public key saved to /home/admin/.ssh2/id_dsa_1024_a.pub

Step 2
Create an “identification” file in your “~/.ssh2” home directory on local:

[admin@deep]$ cd ~/.ssh2
[admin@deep .ssh2]$ echo "IdKey id_dsa_1024_a" > identification

NOTE: It’s optional to create an identification file on remote. The identification file contains the name of the private key that is to be used in authentication.

Step 3
Copy your public key of local (id_dsa_1024_a.pub) to the “~/.ssh2” home directory of remote under the name, say, “Local.pub”.

Step 4
Create an “authorization” file in your “~/.ssh2” home directory on remote:

[admin@remote .ssh2]$ touch authorization
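
A consistency check for the local side of Steps 1 and 2, as an added example that is not part of the book: it confirms that every IdKey line in the identification file names a private key that exists next to its public key. The function name check_ssh2_identity, the exact-case match on "IdKey" and the rule that the private key must carry no group or other permission bits are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the book. Checks the ~/.ssh2 directory produced by
# Steps 1 and 2. Prints one line per finding; returns 0 if clean, 1 otherwise.
# The permission rule (no group/other bits) is this example's assumption.
check_ssh2_identity() {
    dir=$1
    idfile="$dir/identification"
    rc=0
    found=0
    if [ ! -f "$idfile" ]; then
        echo "MISSING: $idfile"
        return 1
    fi
    # Each relevant line has the form: IdKey <private-key-file-name>
    # The "|| [ -n ... ]" part handles a last line without a trailing newline.
    while read -r keyword name _rest || [ -n "$keyword" ]; do
        [ "$keyword" = "IdKey" ] || continue
        found=1
        key="$dir/$name"
        if [ ! -f "$key" ]; then
            echo "MISSING: private key $key"
            rc=1
            continue
        fi
        [ -f "$key.pub" ] || { echo "MISSING: public key $key.pub"; rc=1; }
        # Characters 5-10 of the ls mode string are the group/other bits.
        mode=$(ls -ld "$key" | cut -c5-10)
        [ "$mode" = "------" ] || { echo "PERMS: $key open to group/other ($mode)"; rc=1; }
    done < "$idfile"
    # A file with no recognisable IdKey line (for example, one written with
    # typographic quotes around the entry) gives the client no key to use.
    if [ "$found" -eq 0 ]; then
        echo "INVALID: no IdKey entry in $idfile"
        rc=1
    fi
    return "$rc"
}
# Usage: check_ssh2_identity "$HOME/.ssh2"
```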