Extended question: SSH safety
Brian Fahrlander
brian at fahrlander.net
Sun Nov 14 12:34:37 UTC 2004
On Sun, 2004-11-14 at 06:26, J.L. Coenders wrote:
> Ok, so if you place it on a non-standard port, disable the root login, etc. it
> is possible.
> Is it also possible to allow ssh traffic from for instance a few ip addresses?
> Because I am limited to I guess two or three ip's.
Yeah, unlike some packages, SSH has had a lot of eyes on it from both
sides. The 'brute force' attacks they talked about were apparently for
Cisco Catalyst routers (or whatever) and always try the same
usernames/passwords; not too complicated, yet. But it's best to be
safe, not sorry.
Around here I have root logins turned off, 'publickey's only, and
then limit the logins to a handful of non-root users (not things like
bin/daemon/nobody: just a couple) and it's been fine. Unless someone is
really trying hard, it won't be opened...but make sure to keep doing
your updates.
Personally, I don't care for putting them on non-standard ports,
since real attackers will find it wherever they are and it just makes
the day-to-day a little tougher...like turning off ICMP packets and
such. But that's up to you.
Enjoy!
--
------------------------------------------------------------------------
Brian Fahrländer Christian, Conservative, and Technomad
Evansville, IN http://www.fahrlander.net
ICQ 5119262
AIM: WheelDweller
------------------------------------------------------------------------
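
The settings described in this message (root logins off, public keys only, a short list of permitted users) and the per-address limit asked about in the quoted question all map onto sshd_config keywords. As an added example, not part of the original post, this Python script audits the global section of a config for them; the sample config, user names and addresses are constructed, and Match blocks are not evaluated.

```python
SAMPLE_CONFIG = """\
# Constructed sample; user names and addresses are placeholders.
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
AllowUsers alice@192.0.2.10 bob@192.0.2.11
# A later repeat is ignored: sshd keeps the first value it reads.
PermitRootLogin yes
"""

def parse_global(text):
    """Collect {keyword: [argument lists]} up to the first Match block."""
    settings = {}
    for raw in text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        key = parts[0].lower()  # keywords are case-insensitive
        if key == "match":
            break  # simplification: conditional blocks are not evaluated
        settings.setdefault(key, []).append(parts[1:])
    return settings

def first(settings, key):
    """Value sshd would use: the first one given for the keyword."""
    lines = settings.get(key)
    return lines[0][0].lower() if lines and lines[0] else None

def audit(text):
    """Return findings for the hardening described in the message."""
    s = parse_global(text)
    findings = []
    # Unset keywords are flagged because defaults differ between releases.
    for key in ("permitrootlogin", "passwordauthentication"):
        if first(s, key) != "no":
            findings.append(f"{key} is not explicitly 'no'")
    if first(s, "pubkeyauthentication") == "no":
        findings.append("pubkeyauthentication is disabled")
    patterns = [p for args in s.get("allowusers", []) for p in args]
    if not patterns:
        findings.append("no allowusers list")
    for p in patterns:
        user, _, host = p.partition("@")
        if user in ("root", "*"):
            findings.append(f"allowusers '{p}' admits root or every user")
        elif not host:
            findings.append(f"allowusers '{p}' has no @host limit")
    return findings
```

`audit(SAMPLE_CONFIG)` returns an empty list; reversing the two `PermitRootLogin` lines makes it report the keyword, because only the first value counts.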