SSHD_config question

Karl Auer kauer at biplane.com.au
Thu Aug 14 14:15:52 UTC 2008


On Thu, 2008-08-14 at 09:57 -0400, Brian McKee wrote:
> On Thu, Aug 14, 2008 at 8:10 AM, Knapp <magick.crow at gmail.com> wrote:
> > On Thu, Aug 14, 2008 at 1:42 PM, Adam Funk <a24061 at ducksburg.com> wrote:
> >> On 2008-08-14, Knapp wrote:
> > I hope, pray, that my system has strong security at this point with ssh
> > locked down hard and Firestarter locking out most other things. Have I
> > missed anything?

As Brian said, turn off password access completely, that will stop most
of the script attacks. If you can, move your server to a port other than
22, 222, 2222 and 22222 - use something random, so it's at least not in
the firing line. Make sure (if you have multiple interfaces) that sshd
is listening only on the interface(s) you want it to use. If you don't
use IPv6, turn off IPv6 access too. If you do not expect legitimate use
outside certain hours, use cron to stop and start sshd so it is only
accepting connections during those hours. If you are very serious, you
could try adding port knocking.

Regards, K.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)                   +61-2-64957160 (h)
http://www.biplane.com.au/~kauer/                  +61-428-957160 (mob)

GPG fingerprint: DD23 0DF3 2260 3060 7FEC 5CA8 1AF6 D9E3 CFEE 6B28
Public key at  : random.sks.keyserver.penguin.de
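
The sshd_config items in the message above (password access off, a port other than 22/222/2222/22222, listening only on chosen interfaces, IPv4 only when IPv6 is unused) can be checked mechanically. This is an added example, not part of Karl's message or of OpenSSH; the function names, finding labels and both sample configurations are constructed, and only the global section (before any `Match` block) and the `Port` directive are examined.

```python
import re

# Ports named in the message as the ones to move away from.
OBVIOUS_PORTS = {22, 222, 2222, 22222}
WILDCARDS = {"0.0.0.0", "::"}

def parse_global(text):
    """Return {keyword: [values]} for the global section of an sshd_config."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = re.split(r"[ \t=]+", line, maxsplit=1)
        key = fields[0].lower()          # keywords are case-insensitive
        if key == "match":
            break                        # simplification: Match blocks are not audited
        opts.setdefault(key, []).append(fields[1].strip('" \t') if len(fields) > 1 else "")
    return opts

def listen_host(addr):
    """Strip an optional port from host, host:port or [v6]:port."""
    if addr.startswith("["):
        return addr[1:addr.index("]")]
    return addr.split(":")[0] if addr.count(":") == 1 else addr

def audit(text):
    opts = parse_global(text)
    # sshd uses the first value it reads for a single-valued keyword.
    first = lambda key, default: opts.get(key, [default])[0].lower()
    findings = []
    if first("passwordauthentication", "yes") != "no":
        findings.append("password-auth-enabled")
    if {int(p) for p in opts.get("port", ["22"])} & OBVIOUS_PORTS:
        findings.append("obvious-port")
    listen = opts.get("listenaddress", [])
    if not listen or any(listen_host(a) in WILDCARDS for a in listen):
        findings.append("listens-on-all-interfaces")
    if first("addressfamily", "any") != "inet":
        findings.append("addressfamily-not-inet")
    return findings

# Constructed sample configurations (192.0.2.10 is a documentation address).
WEAK = "Port 2222\npasswordauthentication yes\nPasswordAuthentication no\nListenAddress 0.0.0.0\n"
HARDENED = "Port 48213\nPasswordAuthentication no\nAddressFamily inet\nListenAddress 192.0.2.10\n"

if __name__ == "__main__":
    print("weak:", audit(WEAK))
    print("hardened:", audit(HARDENED))
```

The weak sample sets `PasswordAuthentication` twice to show that the later `no` has no effect, because the earlier `yes` is the value sshd keeps.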
