Re: Extended question: SSH safety

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, 2004-11-14 at 06:26, J.L. Coenders wrote:

> Ok, so if you place it on a non-standard port, disable the root login, etc. it 
> is possible.
> Is it also possible to allow ssh traffic from for instance a few ip addresses? 
> Because I am limited to I guess two or three ip's.

   Yeah, unlike some packages, SSH has had a lot of eyes on it from both
sides.  The 'brute force' attacks they talked about was apparently for
Cisco Catalyst routers (or whatever) and always try the same
usernames/passwords; not too complicated, yet.  But it's best to be
safe, not sorry.

   Around here I have root logins turned off, 'publickey's only, and
then limit the logins to a handful of non-root users (not things like
bin/daemon/nobody: just a couple) and it's been fine.  Unless someone is
really trying hard, it won't be opened...but make sure to keep doing
your updates.

   Personally, I don't care for putting them on non-standard ports,
since real attackers will find it wherever they are and it just makes
the day-to-day a little tougher...like turning of ICMP packets and
such.  But that's up to you.

   Enjoy!

-- 
------------------------------------------------------------------------
Brian FahrlÃnder                  Christian, Conservative, and Technomad
Evansville, IN                                 http://www.fahrlander.net
ICQ 5119262
AIM: WheelDweller
------------------------------------------------------------------------

Attachment: signature.asc
Description: This is a digitally signed message part


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux