Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revisionBoth sides next revision
advisories/hardeningfeb2019 [2019_02_13 11:05] – kamran edit2 kamranadvisories/hardeningfeb2019 [2019_02_13 11:08] kamran
Line 50: Line 50:
 ===== SSH Settings ===== ===== SSH Settings =====
 #### (for initial deployments of version 1901 or  earlier) #### (for initial deployments of version 1901 or  earlier)
-The EFF's SSH configuration for initial deployments through v1901 allow connections by most of the clients that are in common use.  The settings can be changed to enforce the most rigorous security measure, in which case some commonly used clients will no longer be able to connect.  If you wish to change the configuration to the most current settings, please follow these steps.+You can also restrict the ciphers when connecting for administration using ssh
 <WRAP center round important 60%> <WRAP center round important 60%>
 This procedure should only be attempted if you have console access to your VM.  If you make a mistake then it may be impossible to connect to the VM over the network. In that case you will only be able to restore network access if you have console access. This procedure should only be attempted if you have console access to your VM.  If you make a mistake then it may be impossible to connect to the VM over the network. In that case you will only be able to restore network access if you have console access.
Line 75: Line 75:
 </code> </code>
  
-After saving the file restart the sshd service:+After saving the file restart the sshd service as root:
  
 <code> <code>
Line 84: Line 84:
 The EFF provides legacy protocol adaptors that allow you to use  FTP, FTPS or SFTP to access any storage that is connected to the EFF.  These protocols are presented by the EFF's CloudFTP service. The EFF provides legacy protocol adaptors that allow you to use  FTP, FTPS or SFTP to access any storage that is connected to the EFF.  These protocols are presented by the EFF's CloudFTP service.
  
-To provide compatibility with a wide range of clients, SFTP and FTPS support many encryption protocols and ciphers including some that are known to be relatively insecure, and the FTP protocol does not support encryption. Unless you have a specific need for FTP, FTPS or SFTP access to your EFF, we recommend disabling the CloudFTP service.  Here is how to do that.+To provide compatibility with a wide range of clients, SFTP and FTPS support many encryption protocols and ciphers including some that are known to be relatively insecure, and the FTP protocol does not support encryption. Unless you have a specific need for FTP, FTPS or SFTP access to your EFF, You can disable CloudFTP service.  Here is how to do that.
    
 As root: As root:
© Copyright 2024 Nasuni.