Hp-Ux Configuration of TCP-WRAPPERS and OPENSSH

Configuration of TCP-WRAPPERS and OPENSSH

____ for file in /etc/hosts.allow /etc/hosts.deny

/bin/touch $file

/bin/chown root:root &file

/bin/chmod 600 $file

done

____ /usr//bin/echo ‘ALL: , , … ‘> /etc/hosts.allow

replace net1, net2 with the IP addresses of machines that you want to grant access to

____ /usr/bin/echo ‘ALL:ALL: /usr/bin/mailx –s "%s:connection attempt from %a" ’ > /etc/hosts.deny

replace with email address of administrator

____ /usr/bin/cp /opt/openssh/etc/sshd_config /etc/rc.config.d/sshd_config
____ Modify /etc/rc.config.d/sshd_config [14]

Port 22

Protocol 2,1

ListenAddress 0.0.0.0

PidFile /opt/openssh2/etc/sshd.pid

HostKey /opt/openssh2/etc/ssh_host_key

HostDSAKey /opt/openssh2/etc/ssh_host_dsa_key

ServerKeyBits 1024

LoginGraceTime 180

KeyRegenerationInterval 900

PermitRootLogin no

IgnoreRhosts yes

IgnoreUserKnownHosts yes

StrictModes yes

X11Forwarding yes

PrintMotd no

KeepAlive no

SyslogFacility AUTH

LogLevel INFO

RhostsAuthentication no

RhostsRSAAuthentication no

RSAAuthentication yes

PasswordAuthentication yes

PermitEmptyPasswords no

CheckMail nos

UseLogin no

____ /usr/bin/chown root:root /etc/rc.config.d/sshd_config
____ /usr/bin/chmod 600 /etc/rc.config.d/sshd_config
____ Generate server key files

____ /opt/openssh2/bin/ssh-keygen –b 1024 –N ‘’ –f /opt/openssh2/etc/ssh_host_key

____ /opt/openssh2/bin/ssh-keygen –d –N ‘’ –f /opt/openssh2/etc/ssh_host_dsa_key

____ create sshd startup script (See Appendix D for an example)
____ move script to /sbin/init.d/sshd
____/usr/bin/chown root:sys /sbin/init.d/sshd
____/usr/bin/chmod 744 /sbin/init.d/sshd
____ /usr/binln –s /sbin/init.d/sshd /sbin/rc2.d/S75sshd
____ /sbin/init.d/sshd start
____ /usr/sbin/vi /etc/inetd.conf*
____ modify ftp daemon to include tcp_wrappers*

ftp stream tcp nowait root /usr/local/sbin/tcpd /usr/lbin/ftpd ftpd -l -umask 022

____ modify telnet daemon to include tcp_wrappers*

telnet stream tcp nowait root /usr/local/sbin/tcpd /usr/lbin/telnetd telnetd -b /etc/issue

* If this system has been configured not to run inetd then you can disregard these steps.

Technical Help

Please find our other blogs which related to technical and devotional. We are a team grabing information from technical support forms where many issues solved by real time experianced people in the support forums. most of the issues are fixed by our best fallowers. Our team is working in top MNC companies located in all over India in different technolagies, here we share real time issues and help documents. like Troubleshooting steps, documentation, whitepapers, SOP's and many more, .

Any one can contribute here with your real time issues, though it help to others to find and fix before they fight with support folks.

Technical Help

Hp-Ux Configuration of TCP-WRAPPERS and OPENSSH

Related Posts

No comments