D&C GLug - Home Page

[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] SSH

 

Neil Stone wrote:

>> If you do open port 22 to the world make sure you have decent
>> passwords, ie lots of letters, numbers upper and lower case and quite
>> a few characters the more the better really. If you are going to
>> connect in remotley then if it is just from a known location you can
>> firewall to just allow that location to get in or if you only connect
>> remotley from your machines eg a laptop etc you can pre exchange the
>> RSA sigs and not rely on passwords at all.

If you, like me, have the luxury of a single known remote IP address, 
then many firewall/routers have the option of only allowing that address 
in.

> denyhosts anyone ?

Good tool, as is fail2ban. I'd like to routinely ban subnets of anyone 
attempting to smtp relay or http url-attacks by script too. Am getting a 
lot of these lately, almost certainly from scripts/viruses/trojans.

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html