On 0, [EMAIL PROTECTED] wrote:
> Hi.
>
> I want to 'secure' one machine in such a way as to avoid clear text
> authentication on various services.
> 1.: I want to secure FTP. Now I'm using pro-ftpd, which provides SSL also.
> The problem is that if you want to use SSL, you must use a special client
> (e.g. on Windows you can use Filezilla). Is there a way to tell pro-ftpd to
> accept ONLY SSL connections? Is there any other FTP server on Debian that
> supports SSL and possibly SSH (SCP) too?

sshd supports ssh and scp. I'd ditch ftp altogether.

> 2.: I want to force an SFTP (SCP) session to chroot in the user home
> directory. I'm using Debian Woody. Is there any 'prepatched' .deb package
> of OpenSSH that supports this? I checked the internet but didn't find any
> good tutorial on how to manually patch .deb packages. I played with one
> source .deb package, but this is all. Is there any good howto document
> that describes how to apply patches on Debian source and then build a .deb
> package so that in the near future it can be uninstalled (I think that it
> should cover .deb versioning too)?

I don't know about this, but I think it should be an ssh configuration (PAM maybe?), not a patch for a deb.

> 3.: Is there any simple way to upgrade MySQL and OpenLDAP (slapd) packages
> from Woody to any packages that support SSL connections, or do I have to
> recompile them as described in 'Second:'?

I thought there were packages in non-free for OpenLDAP/ssl, but I can't find them at the moment and breakfast is burning.

> 4.: I'm now using a Courier IMAP server. There are some users that
> prefer to use SSH connections over Webmail to read their e-mail. I wrote a
> simple script that prevents them from entering shell commands (they can
> only use mutt and pine). Is there any package that already implements
> something similar? I want to grant them the homedir browsing capability
> (but so that they don't have permission to go into any upper directory).
> I saw on one system that they use Lynx for this purpose, but I didn't find
> a method to limit filesystem access to file://~ . And what about various
> limited shells? I see that there are lshells which simplify the user
> resource limiting, but is there any shell written specifically for
> limited access to the system?

Once you get the chroot thing happening this is no longer an issue.

> 5.: Is there any s-key pam.d module or any similar module on Debian which
> I can use to substitute for simple telnet authentication?

Don't know.

> 6.: I'm looking into how to implement a VPN server so that my users can
> connect from the internet. I found IP-Sec (FreeSWan). Is there any better
> possibility (from any point of view)? Is it necessary to patch the kernel
> with the SSL patch to get encryption, and why isn't the patch a part of
> the kernel (is it due to export rights)?
> 10x for any answer.

Can't answer this, but I know a number of people around here use freeswan, it seems to be the way to go.

Sorry I can't be of more help.

Tom
--
Tom Cook
Information Technology Services, The University of Adelaide

"Not to limit itself to play in a sand vat." - Google translation of, "not to be stuck in a sandbox."

Get my GPG public key: https://pinky.its.adelaide.edu.au/~tkcook/tom.cook-at-adelaide.edu.au