Hi. I want to 'secure' one machine in such a way to avoid clear text authentication on various services. 1.: I want to secure FTP. Now I'm using pro-ftpd which provide SSL also. The problem is that if you want to use SSL, you must use a special client (ex. on Windows you can use Filezilla). Is there a way to tell pro-ftpd to accept ONLY SSL connections?Is there any other FTP server on Debian thet support SSL and posibly SSH (SCP) too? 2.: I want to force a SFTP (SCP) session to chroot in the user home directory. I'm usint Debian Woody. Is there any 'prepached' .deb package of OpenSSH that support this?I checked the internet but didn't find any good tutorial how to manualy patch .deb packages. I played with one source .deb package, but this is all. Is there any good howto document that describe how to applay paches on debian source and then build a .deb package so that in near future it can be uninstalled (I think that it should cover .deb versioning too). 3.: Is there any simple way to upgrade MySQL and OpenLDAP (slapd) packages from Woody to any packages that support SSL connection or I have to recompile them as described in 'Second:'? 4.: I'm now using an Courier IMAP server. There are some users that prefere to use SSH connections over Webmail to read them e-mail. I write a simple script that prevent them to enter shell commands (they only can use mutt and pine). Is there any package that already implement something similar? I want to grant them the homedir browsing capability (but that they don't have permision to go in any upper directory). I see on one system that they use Lynx for this purpose, but I didn'd found a method to limit fiesystem access to file://~ . And what about various limited shells? I see that there are lshells which simplify the user resource limiting, but is there any shell writen apositly for a limited access to the system? 5.: Is there any s-key pam.d module or any similar module on Debian which I can use to substitute a simple telnet authentication? 6.: I'm looking in how to implement a VPN server so that my users can connect from the internet. I found IP-Sec (FreeSWan). Is there any better posibility (from any aspect of view)? Is it necesary to pach the kernel with SSL patch to get encryption and why the patch isn't a part of the kernel (is it due to exports rights)? 10x for any answer.
Regards, Dezo Regards, Dezo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
