DSM-G600, DNS-3xx and NSA-220 Hack Forum

Unfortunately no one can be told what fun_plug is - you have to see it for yourself.

#26 2009-03-20 16:54:55

madpenguin
Member
Registered: 2008-12-25
Posts: 77

Re: About FTP and files >4GB

alpha wrote:

Do you mean to allow only a limited user to log in and then do a su command to act like root? Do I understand correctly?

Exactly right. NEVER allow root direct access to ssh. Everyone knows there is a "root" account. Make them have to guess at an unprivileged username. Then, as long as you've done an audit of all system perms, they have to figure out root's password once they get in to do any real damage. That's also why you should change the port number. Everyone knows ssh defaults to port 22. Easy enough to scan ports but make them work for it.

You don't have to disable anything to upgrade ssh. Just do a "funpkg -u openssh-5.2p1-1.tgz", do a "ps aux" to find out the pid number of '/ffp/sbin/sshd' and then do a "kill -HUP pidnumber". That will restart sshd without bumping you off your session.

Last edited by madpenguin (2009-03-20 17:05:00)
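A way to check the two settings recommended in post #26 (no direct root login, non-default port) against an sshd_config, added here as an example and not part of the original post. The `/ffp/etc/ssh/sshd_config` path in the usage comment is an assumption about the ffp layout, and the fallback defaults (`PermitRootLogin yes`, `Port 22`) are those of OpenSSH releases of the 5.2 era.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the settings discussed above.
# Usage (path is an assumption): sh audit_sshd.sh /ffp/etc/ssh/sshd_config

# Print every value set for a keyword in the global section of the config.
# Keywords are case-insensitive and may be separated from the value by
# whitespace or '='. Parsing stops at the first Match block, because
# settings inside it apply only conditionally.
sshd_values() {  # $1 = config file, $2 = keyword
    awk -F'[ \t=]+' -v key="$2" '
        { sub(/^[ \t]+/, "") }              # drop leading indentation
        /^#/ || NF == 0 { next }            # skip comments and blank lines
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2) }
    ' "$1"
}

# Report findings; return 1 if root login is not disabled or port 22 is used.
audit_sshd_config() {
    cfg=$1; rc=0
    # For PermitRootLogin sshd keeps the first occurrence; Port lines add up.
    root=$(sshd_values "$cfg" PermitRootLogin | head -n 1)
    ports=$(sshd_values "$cfg" Port | tr '\n' ' ')
    root=${root:-yes}        # assumed built-in default when keyword is unset
    ports=${ports:-22 }      # built-in default port
    if [ "$root" != "no" ]; then
        echo "WEAK: PermitRootLogin is '$root' (root login not fully disabled)"
        rc=1
    fi
    case " $ports" in
        *" 22 "*) echo "NOTE: sshd listens on the default port 22"; rc=1 ;;
    esac
    if [ "$rc" -eq 0 ]; then
        echo "OK: PermitRootLogin no, listening on port(s): $ports"
    fi
    return "$rc"
}

# Run the audit only when a config path is given on the command line.
if [ $# -gt 0 ]; then
    audit_sshd_config "$1"
fi
```

After correcting the config, the `kill -HUP` reload described in the post makes sshd re-read it without dropping the current session.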


#27 2009-03-20 17:16:15

madpenguin
Member
Registered: 2008-12-25
Posts: 77

Re: About FTP and files >4GB

On a side note, there are newer upstream versions of lighttpd and libpng as well. If you're worried about security, you should keep stuff like that updated. If you're using stock ffp libpng, you have these unresolved issues:

http://cve.mitre.org/cgi-bin/cvename.cg … -2008-3964
http://cve.mitre.org/cgi-bin/cvename.cg … -2009-0040

Last edited by madpenguin (2009-03-20 17:20:53)


#28 2009-03-20 19:52:58

alpha
Member
From: Lithuania
Registered: 2008-10-06
Posts: 88

Re: About FTP and files >4GB

Wow.... That's lots of nice security tips you gave me :) Thanks!
Now, the port number is OK ;) Everything else will be done maybe tomorrow (I don't have very much free time).
One more question about security: should I disable network access from the DNS GUI? I mean the access where you can map the DNS drive like a network drive and use it. Is it a security issue or not? Is it possible to map the DNS drive from outside?

Regards,
alpha
