Subj : Re: Remote Shell Access
To   : comp.os.linux,comp.os.linux.networking
From : D W
Date : Mon Jun 21 2004 01:50 am

Ryan Waye wrote:

> How can I set up my linux box so I can get a remote shell from just
> about anywhere?  I know it is possible, I just want to know the best
> (most secure) way to do it.
> 
> RW

Install and configure OpenSSH (likely already installed).
After you can remotely access your box with ssh,
configure /etc/ssh/sshd_config to add more security.
Of note are these options:

Protocol 2      # only allow ssh2
UsePrivilegeSeparation yes
PermitRootLogin no      # disallow user root to login
AllowUsers username1 username2 usernamex        # only allow certain users
PermitEmptyPasswords no
StrictModes yes
PubkeyAuthentication yes        # allows public key authentication
# After public/private keys are set up and working,
# you can disable authentication via password
# so that a public/private key pair are required for
# remote access.  Attackers now have to have an
# allowed private key rather than simply guess
# a username/password combination.
PasswordAuthentication no


Overview:
http://www.linuxjournal.com/article.php?sid=4412
http://www.linuxjournal.com/article.php?sid=4413
http://www.linuxjournal.com/modules.php?op=modload&name=NS-lj-issues/issue81&file=4412t2

Extended Key-Based Authentication:
http://www-106.ibm.com/developerworks/library/l-keyc.html (in three
parts)
http://www.debian.org/doc/manuals/reference/ch-tune.en.html#s-ssh

Client for Windows:
http://bmonday.com/articles/653.aspx
http://the.earth.li/~sgtatham/putty/0.54/htmldoc/Chapter8.html

Why Some Defaults Need to be Changed:
http://www.saintcorporation.com/cgi-bin/demo_tut.pl?tutorial_name=SSH_vulnerabilities.html&fact_color=RED&tag=

.