ssh (secure shell)

General Questions:
How do I know if my password (/etc/passwd) file has been compromised?
How do I find all of the SUID and SGID files?
How can I tell if my machine has been cracked?
How can I automatically keep track of my system log files?

General Questions:
How do I set up passwordless RSA/DSA authentication with OpenSSH?

Here are the basic steps for DSA, which is relevant for ssh2 (which is what you should use!):

1. Set up a pair of keys (public and private) on one of your machines.

   ssh-keygen -t dsa

2. Copy the public key over to the any remote machines you want to access into the file ~/.ssh/authorized_keys2 (the 2 is for ssh2). (You can just append it to the end of the file.)

3. Protect the private key! IMPORTANT: You need to have the correct file protections on the ~/.ssh directory AND on the files. The ~/.ssh directory, the authorized_keys2 file, and the id_dsa file must be only accessible to you. These commands will do this:

  chmod 700 ~/.ssh
  chmod 600 ~/.ssh/id_dsa
  chmod 600 ~/.ssh/authorized_keys2

4. At this point, we still need to use the passphrase. If you check the second reference at the top, however, you'll find instructions for how to avoid typing the passphrase all the time.

2003-Apr-08 8:19am furnstahl.1@osu.edu

* the last field in a passwd entry is the shell. Nothing should have a shell except for root and any user accounts that you have set up (and possibly a database like postgres). These things have something else in that entry: sync (/bin/sync), shutdown (/sbin/shutdown), xfs (/bin/false).

* check the UID, which is the number in the third field (delimited by :'s). Only root should be UID 0.

* look for user names you don't recognize.

2000-Mar-23 9:19am furnstahl.1@osu.edu

   # find / \( -perm -004000 -o -perm -002000 \) -type f -print

* Look for /.bash_history linked to /dev/null
2000-Mar-23 9:31am furnstahl.1@osu.edu

Some steps in the installation:

  1. Change the protection of the log files so that they are
      only readable by root.