tightening ssh

Wolfgang S. Rupprecht wolfgang+gnus200511 at dailyplanet.dontspam.wsrcc.com
Tue Nov 22 04:21:29 UTC 2005


"Knute Johnson" <knute at frazmtn.com> writes:
> I found an idea that uses the recent module of iptables.  Was easy to 
> write and works really well.  The first connection gets through but 
> fails because of the public/private key setup and the second 
> connection is dropped.

That sounds like it's much better than what I'm doing.

My first homebrew hack started out using 'tail -f' which wasted a
little time every second.  It's not much CPU, but it is embarrassingly
hack-ish.  (The second version used a perl module that did a variable
length poll on the log file.  In theory that lowered the CPU usage a
bit but was still that same embarrassing hack.)  I'm glad to see
someone did a proper interface to iptables.

> Wolf:  Thanks again for the instructions on the p/p key setup.

It was my pleasure!  

When I first tried to configure sshd I was fairly worried that I was
misunderstanding something and feared that I had opened my system for
wide-scale intrusions.  Sshd has way too many switches and using some
of them pretty much negates any security ssh might have offered.

-wolfgang
-- 
Wolfgang S. Rupprecht                http://www.wsrcc.com/wolfgang/
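
The iptables `recent`-module limit described in the quoted message, sketched as an added example that is not part of the original thread or either poster's actual rules. The chain name `SSH_LIMIT`, list name `sshlimit`, port 22, the 60-second window and the optional trusted-range bypass are all assumptions.

```shell
#!/bin/sh
# Added example: print iptables rules that rate-limit NEW ssh connections per
# source address with the "recent" match. With hits=2 the first connection in
# the window is accepted and the second is dropped, as the thread describes.
# Assumed names/values (not from the thread): SSH_LIMIT, sshlimit, 22, 60.

ssh_limit_rules() {
    port=${1:-22}; window=${2:-60}; hits=${3:-2}; trusted=${4:-}

    # Only plain positive integers may reach the generated commands.
    for n in "$port" "$window" "$hits"; do
        case $n in
            ''|0|*[!0-9]*) echo "bad number: $n" >&2; return 1 ;;
        esac
    done
    # The optional bypass must look like an address or CIDR, nothing else.
    case $trusted in
        *[!0-9a-fA-F:./]*) echo "bad source range: $trusted" >&2; return 1 ;;
    esac

    echo "iptables -N SSH_LIMIT"
    echo "iptables -A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j SSH_LIMIT"
    # The list is keyed by source address, so hosts that legitimately open
    # several sessions (scripts, users behind one NAT) need a bypass.
    if [ -n "$trusted" ]; then
        echo "iptables -A SSH_LIMIT -s $trusted -j ACCEPT"
    fi
    # --set records this connection attempt for the source address.
    echo "iptables -A SSH_LIMIT -m recent --name sshlimit --set"
    # --update matches once the address has $hits entries inside the window
    # and refreshes its timestamp, so a client that keeps retrying stays blocked.
    echo "iptables -A SSH_LIMIT -m recent --name sshlimit --update --seconds $window --hitcount $hits -j DROP"
    echo "iptables -A SSH_LIMIT -j ACCEPT"
}

# Review the printed rules first; to load them, as root:
#   ssh_limit_rules 22 60 2 | sh
```

The limit only slows guessing; it complements the key-only sshd setup mentioned in the thread and does not replace it.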
