shell server

Anybody written a white-paper on how to set up an "even more secure" OpenBSD shell server?

Chrooting accounts (jail)?
Best way for public web pages?
How to manage public key import? (from all ranges of users)
How can ident help with identifying users in logs?

etc etc...

I'm pretty sure how to do all of the above, but I wanted to see if anybody else has done it, and how.

What I'm curious about is how to solve that certain users are only allowed to ssh to certain other machines.
I guess root could own the ~/.ssh/known_hosts files but are there any smarter alternatives?

Any good examples of pf.conf for this type of server?
And what other binaries should I alter the ability for users to execute?


