206 lines
2.9 KiB
HTML
206 lines
2.9 KiB
HTML
<HTML
|
|
><HEAD
|
|
><TITLE
|
|
>User Access - letting people in</TITLE
|
|
><META
|
|
NAME="GENERATOR"
|
|
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
|
|
"><LINK
|
|
REL="HOME"
|
|
TITLE="VPN HOWTO"
|
|
HREF="index.html"><LINK
|
|
REL="UP"
|
|
TITLE="Server"
|
|
HREF="c224.html"><LINK
|
|
REL="PREVIOUS"
|
|
TITLE="Security - keeping people out"
|
|
HREF="x227.html"><LINK
|
|
REL="NEXT"
|
|
TITLE="Restricting Users"
|
|
HREF="x256.html"></HEAD
|
|
><BODY
|
|
CLASS="sect1"
|
|
BGCOLOR="#FFFFFF"
|
|
TEXT="#000000"
|
|
LINK="#0000FF"
|
|
VLINK="#840084"
|
|
ALINK="#0000FF"
|
|
><DIV
|
|
CLASS="NAVHEADER"
|
|
><TABLE
|
|
SUMMARY="Header navigation table"
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
CELLPADDING="0"
|
|
CELLSPACING="0"
|
|
><TR
|
|
><TH
|
|
COLSPAN="3"
|
|
ALIGN="center"
|
|
>VPN HOWTO</TH
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="10%"
|
|
ALIGN="left"
|
|
VALIGN="bottom"
|
|
><A
|
|
HREF="x227.html"
|
|
ACCESSKEY="P"
|
|
>Prev</A
|
|
></TD
|
|
><TD
|
|
WIDTH="80%"
|
|
ALIGN="center"
|
|
VALIGN="bottom"
|
|
>Chapter 3. Server</TD
|
|
><TD
|
|
WIDTH="10%"
|
|
ALIGN="right"
|
|
VALIGN="bottom"
|
|
><A
|
|
HREF="x256.html"
|
|
ACCESSKEY="N"
|
|
>Next</A
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><HR
|
|
ALIGN="LEFT"
|
|
WIDTH="100%"></DIV
|
|
><DIV
|
|
CLASS="sect1"
|
|
><H1
|
|
CLASS="sect1"
|
|
><A
|
|
NAME="AEN245">3.2. User Access - letting people in</H1
|
|
><P
|
|
> User access is done via ssh's authentication scheme. As stated
|
|
above, this is how users get access to the system, while maintaining a
|
|
high level of security. If you're not familiar with ssh, check out
|
|
<A
|
|
HREF="http://www.ssh.org/"
|
|
TARGET="_top"
|
|
>http://www.ssh.org/</A
|
|
>. Note that I am
|
|
using ssh version 1, not version 2. There is a big difference, notably
|
|
that version 1 is free, and 2 isn't.
|
|
</P
|
|
><DIV
|
|
CLASS="sect2"
|
|
><H2
|
|
CLASS="sect2"
|
|
><A
|
|
NAME="AEN249">3.2.1. Configuring <B
|
|
CLASS="command"
|
|
>sshd</B
|
|
></H2
|
|
><P
|
|
> You'll need to configure <B
|
|
CLASS="command"
|
|
>sshd</B
|
|
>.
|
|
The idea is to disable password authentication and rhosts
|
|
authentication. The following options should be present in your
|
|
<TT
|
|
CLASS="filename"
|
|
>/etc/sshd_config</TT
|
|
> file.
|
|
</P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
> PermitRootLogin yes
|
|
IgnoreRhosts yes
|
|
StrictModes yes
|
|
QuietMode no
|
|
CheckMail no
|
|
IdleTimeout 3d
|
|
X11Forwarding no
|
|
PrintMotd no
|
|
KeepAlive yes
|
|
RhostsAuthentication no
|
|
RhostsRSAAuthentication no
|
|
RSAAuthentication yes
|
|
PasswordAuthentication no
|
|
PermitEmptyPasswords no
|
|
UseLogin no
|
|
</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
></DIV
|
|
></DIV
|
|
><DIV
|
|
CLASS="NAVFOOTER"
|
|
><HR
|
|
ALIGN="LEFT"
|
|
WIDTH="100%"><TABLE
|
|
SUMMARY="Footer navigation table"
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
CELLPADDING="0"
|
|
CELLSPACING="0"
|
|
><TR
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="left"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="x227.html"
|
|
ACCESSKEY="P"
|
|
>Prev</A
|
|
></TD
|
|
><TD
|
|
WIDTH="34%"
|
|
ALIGN="center"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="index.html"
|
|
ACCESSKEY="H"
|
|
>Home</A
|
|
></TD
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="right"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="x256.html"
|
|
ACCESSKEY="N"
|
|
>Next</A
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="left"
|
|
VALIGN="top"
|
|
>Security - keeping people out</TD
|
|
><TD
|
|
WIDTH="34%"
|
|
ALIGN="center"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="c224.html"
|
|
ACCESSKEY="U"
|
|
>Up</A
|
|
></TD
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="right"
|
|
VALIGN="top"
|
|
>Restricting Users</TD
|
|
></TR
|
|
></TABLE
|
|
></DIV
|
|
></BODY
|
|
></HTML
|
|
> |