SSH Users

Mark Haney mhaney at ercbroadband.org
Thu Aug 28 13:02:51 UTC 2008


Bill Taylor wrote:
> There is so little danger to the Linux system but we must keep it that
> way and this article from ZD Net might help.
> 
> http://blogs.zdnet.com/security/?p=1803&tag=nl.e550
> -  
>                                                            Bond Servant,
>                                                              Bill Taylor
>                                                      Killer Spade 806 CE
>                                                                  1968-69
> 
> 
> 

Nice article, but I would like to add a comment or two.  If you use ssh 
keys for automated processes, in all likelihood the processes are coming 
from a set number of hosts.  If that is the case, lock down iptables/
hosts.allow and hosts.deny/ipchains/etc. to limit accessing SSH to those 
IPs (or IPs in your subnet).  Don't leave the port just open if you have 
this in place.

Also, if you DO use the keys, don't use port 22.  Use another port to 
make it harder to attack.

Just my $0.02.  As my heroes say:

'Don't try what you are about to see at home.  We're what you call experts.'



-- 
Libenter homines id quod volunt credunt -- Caius Julius Caesar


Mark Haney
Sr. Systems Administrator
ERC Broadband
(828) 350-2415

Call (866) ERC-7110 for after hours support
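
Added example, not part of the original post: a shell check over `iptables -S INPUT` output that reports when the SSH port is reachable from anywhere, accepts a source outside the expected automation hosts, or has no deny rule behind the allowlist. The function names, port 2222, and the 192.0.2.x addresses are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit `iptables -S INPUT` output for the SSH port.
# Usage: iptables -S INPUT | audit_ssh_rules PORT "SRC1 SRC2 ..."
# Only rules naming --dport PORT are evaluated; broader ACCEPT rules,
# port ranges, negated sources and rule ordering are out of scope.
# Exit status: 0 = no findings, 1 = findings printed one per line.
audit_ssh_rules() {
    awk -v port="$1" -v allowed="$2" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 == "-A" && $2 == "INPUT" {
        src = ""; dport = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-s") src = $(i + 1)
            if ($i == "--dport") dport = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        if (dport != port) next
        anysrc = (src == "" || src == "0.0.0.0/0")
        if (target == "ACCEPT" && anysrc) { print "OPEN " $0; bad = 1 }
        else if (target == "ACCEPT" && !(src in ok)) { print "UNLISTED " src; bad = 1 }
        else if ((target == "DROP" || target == "REJECT") && anysrc) deny = 1
    }
    END {
        if (policy != "DROP" && !deny) { print "NO-DENY port " port; bad = 1 }
        exit bad + 0
    }'
}

# Constructed sample: SSH on 2222, two automation hosts allowed, rest dropped.
sample_locked() {
cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 2222 -j ACCEPT
-A INPUT -s 192.0.2.11/32 -p tcp -m tcp --dport 2222 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2222 -j DROP
EOF
}

# Constructed sample: an allowlist exists, but the port is also left open.
sample_open() {
cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 2222 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2222 -j ACCEPT
EOF
}

sample_open | audit_ssh_rules 2222 "192.0.2.10/32" || echo "findings listed above"
```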



