tightening ssh
Wolfgang S. Rupprecht
wolfgang+gnus200511 at dailyplanet.dontspam.wsrcc.com
Tue Nov 22 04:21:29 UTC 2005
"Knute Johnson" <knute at frazmtn.com> writes:
> I found an idea that uses the recent module of iptables. Was easy to
> write and works really well. The first connection gets through but
> fails because of the public/private key setup and the second
> connection is dropped.
That sounds like it's much better than what I'm doing.
My first homebrew hack started out using 'tail -f' which wasted a
little time every second. It's not much CPU, but it is embarrassingly
hack-ish. (The second version used a perl module that did a variable
length poll on the log file. In theory that lowered the CPU usage a
bit but was still that same embarrassing hack.) I'm glad to see
someone did a proper interface to iptables.
> Wolf: Thanks again for the instructions on the p/p key setup.
It was my pleasure!
When I first tried to configure sshd I was fairly worried that I was
misunderstanding something and feared that I had opened my system for
wide-scale intrusions. Sshd has way too many switches and using some
of them pretty much negates any security ssh might have offered.
-wolfgang
--
Wolfgang S. Rupprecht http://www.wsrcc.com/wolfgang/
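
Added example, not part of the original message or of anyone's actual firewall: a small Python model of the behaviour described in the quoted text, where the first new SSH connection from an address is accepted and a second one soon after is dropped. It assumes a two-rule iptables "recent" setup (--set, then --update --seconds 60 --hitcount 2 -j DROP); the list name, window and hit count are assumed values, and the addresses are constructed samples.

```python
# Added illustration: user-space model of how a two-rule iptables "recent"
# ruleset treats repeated new SSH connections from one source address.
# Rules modelled (window and hit count are assumed, not taken from the post):
#   -m recent --name SSH --set
#   -m recent --name SSH --update --seconds 60 --hitcount 2 -j DROP
from collections import defaultdict

WINDOW_SECONDS = 60   # assumed --seconds value
HIT_COUNT = 2         # assumed --hitcount value


class RecentList:
    """Per-source timestamp list, like one named list of the recent match."""

    def __init__(self, seconds=WINDOW_SECONDS, hitcount=HIT_COUNT):
        self.seconds = seconds
        self.hitcount = hitcount
        self.stamps = defaultdict(list)

    def new_connection(self, src, now):
        """Return 'ACCEPT' or 'DROP' for a new connection from src at time now."""
        seen = self.stamps[src]
        # Rule 1 (--set) records every attempt, including ones dropped later.
        seen.append(now)
        # Rule 2 counts stamps that fall inside the window ending at 'now'.
        hits = sum(1 for t in seen if now - t <= self.seconds)
        return "DROP" if hits >= self.hitcount else "ACCEPT"


def replay(events):
    """Run (src, time) pairs through a fresh list and collect the verdicts."""
    table = RecentList()
    return [table.new_connection(src, t) for src, t in events]


# Constructed sample traffic: a scanner retrying every 50 s, and a user who
# connects once and comes back five minutes later.
SCANNER = [("192.0.2.10", t) for t in (0, 50, 100, 150)]
USER = [("198.51.100.7", 0), ("198.51.100.7", 300)]

if __name__ == "__main__":
    for (src, t), verdict in zip(SCANNER + USER, replay(SCANNER + USER)):
        print(f"t={t:>3}s {src:<13} {verdict}")
```

Because dropped attempts are still recorded, a source that keeps retrying inside the window never gets another connection through, while one that waits out the window is accepted again.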