OT-ish F9 Laptop\USB-Stick CentOS5.x Server SSH Access
Jason Turning
jturning at sbcglobal.net
Sat Aug 30 17:34:38 UTC 2008
Frank Murphy wrote:
> Tim wrote:
>> On Sat, 2008-08-30 at 08:09 +0100, Frank Murphy wrote:
>>> What do I do to only allow remote access via ssh to my centos box.
>>> From my laptop F9+, or an F9+ usb-stick
>> What do you mean by "only allow"? You want to block all ports except
>> for what SSH uses? It should have a firewall configurator to make that
>> easy for you, untick all the options except for ssh.
>>
>> Write again if you need more info.
>>
>
> I mean only allow ssh access from those two scenarios,
> my laptop + an F9 usb-stick.
>
> because there are attempts by "fluffy" and other(s) to access the box.
>
> Frank
>
>
>
This article has a lot of the tips I've used to make my SSH server more secure.
You might want to look at using DSA public key authentication to limit the
logins like you requested.
http://www.linux.com/feature/61061
I do like to have my SSH server password accessible, so I've set AllowUsers and
run Denyhosts. Denyhosts is like the other program that locks out certain users
that have failed logging in so many times, except it has a server that you
report banned IPs and the server feeds you the IPs reported by everyone else.
That way all the active bots trying to crack SSH servers are mostly locked out
already. And remember to pick a strong passphrase if you leave this available.
Jason
More information about the users
mailing list