UoM::RCS::Talby::URS

SSH Gateway

1. To Do

 -- investigate running users in a restricted or chrooted shell

 -- RKHunter, Chkrootkit, etc

2. SSH Non-Chroot

/etc/ssh/sshd_config:

  PermitRootLogin no    # ...default is "yes"...

fail2ban

/etc/fail2ban/jail.conf:

  bantime  = 86400    # ...one day...
  maxretry = 7

3. SSH Chroot

 http://www.debian.org/doc/manuals/securing-debian-howto/ap-chroot-ssh-env.en.html

   -- use makejail

   -- added /proc
            /etc/ldap/ldap.conf
            /etc/pam_ldap.conf

   -- syslog: not yet done


   -- to avoid
        PTY allocation request failed on channel 0
      do
        mount -t devpts devpts /home/chroot/dev/pts

 -- now need to fix up the ldap/pam stuff in the chroot

 -- first get ldapsearch working:
     -- needed to fix up the LDAP library symlinks inside the chroot:

root@sekhmet:/var/chroot/sshd/usr/lib# ls -l /var/chroot/sshd/usr/lib/*ldap*
lrwxrwxrwx 1 root root     18 Apr 19 16:15 /var/chroot/sshd/usr/lib/libldap-2.4.so.2 -> libldap_r-2.4.so.2
lrwxrwxrwx 1 root root     22 Apr 19 15:37 /var/chroot/sshd/usr/lib/libldap_r-2.4.so.2 -> libldap_r-2.4.so.2.5.6
-rw-r--r-- 1 root root 297256 Apr 19 16:13 /var/chroot/sshd/usr/lib/libldap_r-2.4.so.2.5.6
lrwxrwxrwx 1 root root     26 Apr 19 16:16 /var/chroot/sshd/usr/lib/libnss_ldap.so.2 -> ../../lib/libnss_ldap.so.2

and

 ls -l /var/chroot/sshd//lib/*ldap*
-rw-r--r-- 1 root root 81648 Jun 18  2010 /var/chroot/sshd//lib/libnss_ldap-2.11.2.so
lrwxrwxrwx 1 root root    21 Apr 19 15:37 /var/chroot/sshd//lib/libnss_ldap.so.2 -> libnss_ldap-2.11.2.so


and then change /var/chroot/sshd/etc/ldap/ldap.conf to use the IP address rather than the hostname (name resolution does not work inside the chroot):

  host 130.88.101.134

and the same in pam_ldap.conf:

  host 130.88.101.134

...and it works!
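 -- added check script (mine, not part of these notes): audits a makejail-built chroot for the things that went wrong above, i.e. devpts mounted on dev/pts, /proc present, the libldap/libnss_ldap symlinks from the listings resolving inside the jail (a relative link, not an absolute one), and the "host" lines in ldap.conf and pam_ldap.conf holding an IP literal; MOUNTS is an assumed override so it can be pointed at a saved mounts table instead of /proc/mounts.

```sh
#!/bin/sh
# Audit an sshd chroot for the problems noted above. Library names, config
# files and paths are the ones from the listings; MOUNTS (assumed) may be
# pointed at another file instead of /proc/mounts when testing.

# fail MSG: report one problem on stderr and count it.
fail() { echo "FAIL: $1" >&2; fails=$((fails + 1)); }

# lib_ok ROOT PATH: PATH (relative to ROOT) must exist and, if it is a
# symlink, must be relative; an absolute target resolves against the real
# filesystem now but points outside the jail once chrooted.
lib_ok() {
    f="$1/$2"
    [ -e "$f" ] || return 1                           # missing or dangling
    if [ -L "$f" ]; then
        case $(readlink "$f") in /*) return 1 ;; esac # absolute target
    fi
    return 0
}

# host_is_ip FILE: every "host" directive must carry a dotted-quad IPv4
# literal, since name resolution does not work inside this chroot.
host_is_ip() {
    ip4='([0-9]{1,3}\.){3}[0-9]{1,3}'
    [ -f "$1" ] || return 1
    hosts=$(grep -Ei '^[[:space:]]*host[[:space:]]' "$1") || return 1
    ! printf '%s\n' "$hosts" |
        grep -Eiv "^[[:space:]]*host[[:space:]]+$ip4[[:space:]]*$" | grep -q .
}

# check_chroot ROOT: run every check; the exit status is the number of
# failures, so 0 means the jail passed.
check_chroot() {
    root=$1; fails=0; mounts=${MOUNTS:-/proc/mounts}
    # PTY allocation fails unless devpts is mounted inside the jail.
    awk -v d="$root/dev/pts" '$2 == d && $3 == "devpts" { ok = 1 }
        END { exit !ok }' "$mounts" 2>/dev/null ||
        fail "devpts not mounted on $root/dev/pts (PTY allocation will fail)"
    [ -d "$root/proc" ] || fail "$root/proc is missing"
    for lib in usr/lib/libldap-2.4.so.2 usr/lib/libldap_r-2.4.so.2 \
               lib/libnss_ldap.so.2; do
        lib_ok "$root" "$lib" || fail "$lib missing, dangling or absolute symlink"
    done
    for conf in etc/ldap/ldap.conf etc/pam_ldap.conf; do
        host_is_ip "$root/$conf" || fail "$conf: host must be an IP literal"
    done
    return $fails
}

# Usage when run directly: ./check_chroot.sh /var/chroot/sshd
if [ $# -eq 1 ]; then check_chroot "$1"; fi
```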

4. Chkrootkit and RKHunter

 -- NYI

5. Restricted Shell

 -- NYI

6. Chroot

 -- NYI