Securing SSH
wwp
subscript at free.fr
Tue May 23 18:05:22 UTC 2006
Hello,
On Tue, 23 May 2006 11:53:27 -0600 Reg Clemens <reg at dwf.com> wrote:
>
>
> > I'm looking to tighten up my ssh configuration.
>
> Well, your going to have people banging on the door no matter what you
> implement. I finally had it with the log files (Logwatch) being full of
> this pounding and did two things
> (1) in my firewall only allowed incoming ssh from my work network
> number. (2) Actually, that would have been too severe, I do want to get in
> from other
> outside numbers on occasion,- so I also allow incoming ssh from my
> ISP. So if Im outside, not at work, and need to get in, I first ssh to my
> ISP, then
> ssh home. That ended the banging on the door. I mean, I trust
> ssh, its just the time waisted reviewing the logs that this solves.
Here: no root login, no trustedhosts, proto2 only, no passwordauthlogin, no
rsa, sshd at port != 22, and ssh-faker running
(http://www.pkts.ca/ssh-faker.shtml).
Regards,
--
wwp
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/users/attachments/20060523/97773a52/attachment-0002.bin
More information about the users
mailing list