OT-ish F9 Laptop\USB-Stick CentOS5.x Server SSH Access

edik077 at gmail.com edik077 at gmail.com
Sat Aug 30 13:36:55 UTC 2008 

If you followed the default installation and set up the firewall. It
will only allow ssh & other services that you have configured. If you
set up this box as http server it should have enabled that as well. I
would advise you to run:

iptables -L # to see what is allowed or not

If you have other ports open that you don't need, run:

service-config-securitylevel or system-config-securitylevel-tui #this
will allow you to do it on an easy prompt driven way if you don't want
to create a script with iptables commandns on it that you can modify
as you wish and reload accordingly as I do on my boxes

regards


On Sat, Aug 30, 2008 at 4:04 AM, Tim <ignored_mailbox at yahoo.com.au> wrote:
> On Sat, 2008-08-30 at 09:59 +0100, Frank Murphy wrote:
>> I mean only allow ssh access from those two scenarios,
>> my laptop + an F9 usb-stick.
>>
>> because there are attempts by "fluffy" and other(s) to access the box.
>
> Well, if your own computers are from fixed IPs, you can set those into a
> list of IPs allowed to connect.  However, that doesn't stop someone else
> who's able to get the same IP from trying.
>
> Good passwords, and only using the newer SSH2 protocol, makes it damn
> hard for anyone else to get in.  They can try, and that's about it.
>
> Something like fail2ban will automatically firewall off someone who
> tries and fails, so they don't get to try again.  There's a few of those
> sort of things, which will auto-blacklist addresses for a while.  It
> could be a permanent blacklist, but you'd only want to do that if there
> was no chance of accidentally locking yourself out.
>
> Look into finding and using fail2ban.  I think that's your best way to
> handle it.
>
> --
> [tim at localhost ~]$ uname -r
> 2.6.25.14-108.fc9.i686
>
> Don't send private replies to my address, the mailbox is ignored.  I
> read messages from the public lists.
>
>
>
> --
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
> Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
>



-- 
Ed Landaveri
GNU/Linux User 433512
http://counter.li.org
"Free as in Freedom"

More information about the users mailing list