Extended question: SSH safety

J.L. Coenders fedora at universalgrid.nl
Sun Nov 14 12:26:07 UTC 2004


On Sunday 14 November 2004 12:15 pm, Leonard Isham wrote:
> On Sun, 14 Nov 2004 02:48:19 -0500 (EST), Tom Diehl <tdiehl at rogueind.com> wrote:
> > On Sun, 14 Nov 2004, J.L. Coenders wrote:
> > > Hi,
> > > I was wondering how safe it is to open the ssh port up to the internet.
> > > I am behind a router which is firewalled to block all traffic, unless I
> > > open it up and route it to my computer. Is it safe to open ssh up to
> > > the internet, so I can run applications of my home computer over the
> > > internet?
> >
> > Depends on how paranoid you are. Every open port creates some risk.
> > Generally speaking ssh is fairly secure but there have been exploits
> > found in it in the past. As long as you keep things up2date you should be
> > OK. You can as others will suggest move the port ssh runs on to a
> > non-standard port which means that the scripts that run everyday looking
> > for weak passwds and known exploits will not know where to look. You can
> > also disable root logins via ssh among other things, depending on your
> > level of paranoia.
> >
> > HTH,
> >
> > Tom
>
> There are a lot of script kiddies running automated brute force attacks
> against port 22.  There is quite a long thread about this in the
> archives.
>
> *Do* disable root login.
> *Do* limit allowed login IDs
> *Do* use strong passwords
> *Do* keep your system updated to avoid any security vulnerabilities
>
> If you do get broken into:
>
> Check for rootkits and if one is found:
> Boot from a live CD or rescue CD
> Backup your *data only*
> Wipe the hard drive and do a clean install
>
> --
> Leonard Isham, CISSP
> Ostendo non ostento.

Ok, so if you place it on a non-standard port, disable the root login, etc., it
is possible.
Is it also possible to allow ssh traffic from, for instance, a few IP addresses?
Because I am limited to, I guess, two or three IPs.

- Jeroen
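
Added example, not part of the original thread: a small audit of sshd_config text against the items raised above (root login, limited login IDs, non-default port, per-address restriction via AllowUsers user@host patterns). The function names, the user name and the documentation-range addresses in the sample are constructed for illustration.

```python
import re

# Constructed sample configuration, not taken from the thread.
SAMPLE_CONFIG = """\
Port 2222
permitrootlogin no
AllowUsers jeroen@192.0.2.10 jeroen@198.51.100.7
# Ignored by sshd: the first value read for a keyword wins.
PermitRootLogin yes
Match Address 203.0.113.0/24
    PermitRootLogin yes
"""
MULTI = {"port", "allowusers"}  # keywords whose values accumulate across lines

def parse(text):
    """Return (global_settings, match_blocks); keywords are case-insensitive."""
    glob, match, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key, value = parts[0].lower(), parts[1] if len(parts) > 1 else ""
        if key == "match":            # everything after this is conditional
            current = {"match": value}
            match.append(current)
        elif current is not None:
            current.setdefault(key, value)
        elif key in MULTI:
            glob.setdefault(key, []).extend(value.split())
        else:
            glob.setdefault(key, value)  # first value wins
    return glob, match

def audit(text):
    """Return a list of findings for the settings recommended in the thread."""
    glob, match = parse(text)
    findings = []
    if glob.get("permitrootlogin", "unset").lower() != "no":
        findings.append("root login not disabled globally")
    for block in match:
        if block.get("permitrootlogin", "no").lower() != "no":
            findings.append("root login re-enabled for Match " + block["match"])
    users = glob.get("allowusers", [])
    if not users or not all("@" in u for u in users):
        findings.append("AllowUsers absent or has entries without @host")
    if "22" in glob.get("port", ["22"]):  # sshd listens on 22 when Port is unset
        findings.append("listening on default port 22")
    return findings
```

Running `audit(SAMPLE_CONFIG)` reports only the Match block, which quietly re-enables root login for one address range even though the global setting is `no`.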
