Introduction

We have three goals.

  1. To allow sftp file upload and download to and from home directories and webspace with no password.
  2. To absolutely not allow these users to get a shell.

Steps

  1. Restore the dump from ftp so you have pkgsrc and perl.
  2. Generate an SSH public/private keypair as root.
  3. Add a new user (sftpuser).
  4. Set the new user's password.
  5. Log in over ssh as that user.
  6. Add root's public key to sftpuser's list of allowed keys.
  7. Exit ssh.
  8. Log in over sftp with no password (using the key).
  9. Use scp to copy the pkgsrc tar file to /home/sftpuser.
  10. Install pkgsrc from ftp.
  11. Install the 'rssh' shell from pkgsrc (don't forget the instructions at the end of the install; the sshd config is /etc/ssh/sshd_config, and the rssh config is /usr/pkg/etc/rssh.conf).
  12. Generate a PuTTY key pair, add that public key to the list for sftpuser, and log in with no password using PuTTY.
  13. Lock down sftpuser's account so they can only use sftp and cannot get a shell (using rssh).
  14. Install hydra from pkgsrc (security/hydra).
  15. Download the password list from ftp (passwordlist.txt).
  16. Attempt to hack your own ssh server.
  17. Install and start denyhosts to block the attack (security/py-denyhosts). (You might have to copy pkgsrc/security/py-denyhosts/work/denyhosts to /etc/rc.d before you can start it.)
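Steps 16 and 17 rely on denyhosts noticing the password-guessing attempt in the sshd log and blocking the source address. The following is an added example, not code from this lab or from denyhosts itself: it shows the core idea in a few lines, counting "Failed password" lines per source IP in OpenSSH-style log text (sample lines are constructed here) and producing the /etc/hosts.deny entries that a blocker would write. The threshold of 3 and the "sshd: <ip>" TCP-wrappers line format are assumptions for this illustration.

```python
import re
from collections import Counter

# Constructed sample sshd log lines in syslog style (not captured from a real host).
SAMPLE_LOG = """\
Feb 19 10:01:02 host sshd[1234]: Failed password for invalid user admin from 192.0.2.10 port 40100 ssh2
Feb 19 10:01:03 host sshd[1235]: Failed password for invalid user test from 192.0.2.10 port 40101 ssh2
Feb 19 10:01:04 host sshd[1236]: Failed password for root from 192.0.2.10 port 40102 ssh2
Feb 19 10:01:05 host sshd[1237]: Accepted publickey for sftpuser from 198.51.100.7 port 50000 ssh2
Feb 19 10:01:06 host sshd[1238]: Failed password for sftpuser from 198.51.100.7 port 50001 ssh2
Feb 19 10:01:07 host sshd[1239]: Failed password for root from 192.0.2.10 port 40103 ssh2
"""

# Matches both "Failed password for invalid user NAME from IP" and
# "Failed password for NAME from IP"; group 1 is the user, group 2 the source IP.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\d+\.\d+\.\d+\.\d+)"
)


def count_failures(log_text):
    """Return a Counter mapping source IP -> number of failed password attempts."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[m.group(2)] += 1
    return counts


def hosts_to_deny(log_text, threshold=3):
    """Return the sorted list of source IPs with at least `threshold` failures.

    A single failure (such as 198.51.100.7 above) stays below the bar, so a
    legitimate user who mistypes once is not locked out.
    """
    return sorted(ip for ip, n in count_failures(log_text).items() if n >= threshold)


def hosts_deny_lines(ips):
    """Format blocked IPs as /etc/hosts.deny entries (assumed TCP-wrappers syntax)."""
    return ["sshd: %s" % ip for ip in ips]


if __name__ == "__main__":
    for entry in hosts_deny_lines(hosts_to_deny(SAMPLE_LOG)):
        print(entry)
```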

Questions:

What was the scp command you used to copy the pkgsrc file:


What is the purpose of rssh:


What commands can be run under rssh:


What is the name of the file where you list the public keys that you want to allow to log in:


What is the name of the binary that is executed for sftp:


What is the full command line you issued to attempt to hack your ssh server with hydra:


Last updated: 2008-02-19
Updated by: Allan Jude

Written by: Allan Jude (2008)