Sean Boudreau(deleted)
|
Re: Ensuring security of my QNX installation
|
Sean Boudreau(deleted)
12/02/2015 10:38 AM
post115165
|
Re: Ensuring security of my QNX installation
Make sure the perms are correct:
# chmod 700 ~/.ssh
# chmod 600 ~/.ssh/known_hosts
On Wed, Dec 02, 2015 at 09:28:51AM -0500, ICT Tegema wrote:
> I am currently reviewing the status of our QNX installation in terms of security and hackability and I am running into
problems.
>
> 1. SSH connection by using RSA keys.
> I want to secure my SSH connection by enforcing users to use a RSA key. For this, I have modified /etc/ssh/sshd_config
on the target and changed the following lines:
>
> RSAAuthentication yes
> PubkeyAuthentication yes
>
> and I did place my public key in /home/<USER>/.ssh/authorized_keys.
> Inetd and Random are running.
>
> However, when I connect to my target through Putty I get the message "Server refused our key". Can somebody say what
I'm missing here? Is there any way to get log files from the SSH daemon?
>
> 2. Access rights of auto-start application
> Once QNX is started, the IFS auto-start script in /.boot/ will run an executable that is located in a location that
can be modified by non-root users. Note that placing the application by non-root users is a requirement for the system.
Will this application get root-user access rights when called from my startup script? If so, this feels like a security
thread to me. Is there any way I can set the access rights of the auto-started application to a user with less
privileges?
>
> Many thanks in advance.
>
> Best regards,
> Edward
>
>
>
> _______________________________________________
>
> OSTech
> http://community.qnx.com/sf/go/post115162
> To cancel your subscription to this discussion, please e-mail ostech-core_os-unsubscribe@community.qnx.com
|
|
|