[Fedora] Seeing input on Securing the Linux system from intrusions and attacks.
Dean S. Messing
deanm at sharplabs.com
Sat Dec 29 20:49:11 UTC 2007
Frank Cox wrote:
: Karl Larsen <k5di at zianet.com> wrote:
: > From my own experience I learned you need to use real good passwords
: > on EVERYTHING. I thought my user password was safe because no one can
: > get to that. WRONG. A ssh connection can use your weak user password to
: > get in.
: >
: > So use passwords that include letters upper and lower case and
: > numbers. Then sleep well at night.
:
: Better solution:
:
: Specify only the usernames and IP addresses allowed to log in through ssh
: in /etc/ssh/sshd_config
How does one get into one's system from one's laptop if one is traveling
and forced to use the local hotel internet connection?
: Disallow password logins completely in /etc/ssh/sshd_config and use keys
: instead.
Agreed! Also, I (and many others) have found that moving sshd off of
port 22 completely stops the script-kiddy attempts that fill one's
/var/log/messages
: Add the appropriate entries to /etc/hosts.allow and /etc/hosts.deny to deny
: remote access to ssh (and all other services)
Again, how does this impact remote access when traveling?
Dean
More information about the fedora-list
mailing list