[QCLUG] Server admin

[Mark Riedesel]

Heyo Juanita,

I have no book recommendations but google is always happy to direct
you to pertinent wikis and howtos. I would recommend trying to develop
a basic understanding of iptables in order to keep your systems
happily firewalled.

I just looked over the diceware passphrase guide and I must say that I
don't think I'll ever be that paranoid. I agree that it's good to
choose strong passphrases, but once they reach a level of complexity
that begins to hinder your day-to-day tasks then you may as well just
unplug the ethernet cable. Using something like fail2ban is a good
idea to keep the bruteforce attackers away. That, along with a good
iptables setup, of course. Using port knocking is another effective
method (wikipedia explains it well).

As for the ~/.ssh directory thing, that isn't an indicator that you're
using ssh1. On the server, check /etc/ssh/sshd_config and look for
"Protocol", it should be 2.

It looks like SecureCRT has a heap of features, but whenever I'm stuck
on a windows box I've found putty and winscp to do everything I need.

I wouldn't say it's necessary to require pub/priv keys for ssh login,
but it makes it much more difficult for an attacker to acquire your
private key rather than just guess your password. But, if you keep an
eye on your logs and make sure people aren't using stupid passwords,
that's typically enough to keep you relatively safe, at least in my
humble opinion.

Mark



On 4/20/07, Juanita Moore <jjmoore@att.net> wrote:
>
>  Hey guys,
>
>  Me again.  Some of you administer servers, yes?  I've been trying to find a
> book that can help me along.  Anyone have an opinion on Craig Hunt's books?
> Like, how about Linux Apache Web Server Administration?  Or maybe his Linux
> DNS Server Administration?  There's one called Linux Administration: A
> Beginner's Guide by Steve Shah and Wale Soyinka that has some info on DNS
> and IP chaining that might be helpful.  It's hard to know what it is that I
> might need to know, until I run into it!  So far, I've managed to stumble
> thru getting nameservers configured and up and running, closed the open dns
> problem--had to edit config files rather than any GUI option!--but I still
> want to learn the best use of our other IPs (we have four).  Mostly, it's
> set up to use WHM and Cpanel, but they have already been found lacking.
>
>  Went to Borders hoping to find it to take a peek inside but, alas, they do
> not carry it.  Can't say as I blame them, tho!  Computer books get obsolete
> SO fast!  Is there a newsgroup I can lurk in?
>
>  Also, what do you think of Diceware.com's method of selecting a passphrase?
>  Is it overkill to use public/private keys to log in to one's server, or
> necessary security?  If there is a directory on the server called ssh (or
> .ssh), does not that mean that it is ssh1 rather than ssh2?  That's what I'm
> understanding from the putty docs.  I did download SecureCRT to try it out,
> but don't think I wanna pay 99 bucks for it!
>
>  TIA,
>
>  Juanita
>
>
>


-- 
Mark Riedesel <mriedesel@gmail.com>
Klowner's Wallpapers
http://www.klowner.com