On Thu, Dec 30, 2004 at 10:34:36PM -0700, James McKenzie wrote:
> Ed Wilts wrote:
> >On Thu, Dec 30, 2004 at 09:19:35PM +0800, chi wrote:
> >
> >My recommended approach would be to block *all* incoming connections to
> >sshd via either /etc/hosts.deny or via iptables. Then, add only those
> >hosts or subnets who you know need incoming access. In my case, I allow
> >incoming access from my office subnet and from a trusted colleague but
> >everybody else is blocked.
>
> Example iptables lines please?

I personally don't use iptables - I prefer to do it via tcpwrappers since
it's so trivial to manage. I've masked the output below slightly (I don't
work for trusted.com, whoever they are) but you should get the drift.

#
# hosts.deny    This file describes the names of the hosts which are
#               *not* allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
# from %h %a to %d at `date`|tee -a /var/log/secure|mail root
ALL: ALL: spawn echo tcpwrap has detected an unauthorised connection attempt\
from %h %a to %d at `date`|tee -a /var/log/secure|mail -s 'Unauthorized \
Connection attempt' root
-----------------------------
#
# hosts.allow   This file describes the names of the hosts which are
#               allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
ALL: LOCAL, .ewilts.org, 192.168.0.0/255.255.255.0,127.0.0.1,.trusted.com,
sendmail: ALL
smtps: ALL

> I think the idea of using port 2222 is a better one.

A port scanner will find you. Security by obscurity won't help you in the
long run. The script kiddies will just add 2222 to their list of ports to
check.

-- 
Ed Wilts, RHCE
Mounds View, MN, USA
mailto:ewilts@xxxxxxxxxx
Member #1, Red Hat Community Ambassador Program
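James asked for iptables lines and Ed answered with tcpwrappers instead; the following is an added example (not from anyone in the thread) showing the iptables counterpart of the "deny all, allow listed hosts" approach, plus a small allow/deny checker. It handles only addresses and CIDR blocks, since the domain-suffix entries (.ewilts.org, .trusted.com) and LOCAL in hosts.allow have no iptables equivalent; the sample networks at the bottom are assumed.

```shell
#!/bin/sh
# Added example, not from the thread: an iptables analogue of the
# hosts.allow/hosts.deny pair above, plus a checker for the decision.
# Only addresses and CIDR blocks are handled; domain-suffix entries such
# as .ewilts.org and LOCAL have no iptables equivalent.
# The sample networks used at the bottom are assumed, not from the thread.

# Emit an iptables-restore(8) fragment: accept new SSH connections from the
# listed sources, log (rate-limited) and drop everything else. Review it,
# then load it with: iptables-restore -n < ssh.rules
ssh_rules() {
    printf '%s\n' '*filter' ':SSH-IN - [0:0]'
    printf '%s\n' '-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j SSH-IN'
    for src in "$@"; do
        printf -- '-A SSH-IN -s %s -j ACCEPT\n' "$src"
    done
    # Counterpart of the spawn/mail hook in hosts.deny: a kernel log line
    printf '%s\n' '-A SSH-IN -m limit --limit 6/min -j LOG --log-prefix "sshd denied: "'
    printf '%s\n' '-A SSH-IN -j DROP' 'COMMIT'
}

# Dotted quad -> 32-bit integer
ip2int() {
    set -- $(printf '%s' "$1" | tr . ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeed (0) if client $1 falls inside any allowed source $2..: the same
# "deny all, allow listed" decision tcpwrappers makes with the files above.
ssh_allowed() {
    client=$(ip2int "$1"); shift
    for net in "$@"; do
        case $net in */*) bits=${net#*/}; net=${net%/*} ;; *) bits=32 ;; esac
        mask=$(( bits == 0 ? 0 : (4294967295 << (32 - bits)) & 4294967295 ))
        [ $(( client & mask )) -eq $(( $(ip2int "$net") & mask )) ] && return 0
    done
    return 1
}

# Constructed sample: office subnet plus loopback
ssh_rules 192.168.0.0/24 127.0.0.1
for c in 192.168.0.77 10.1.2.3; do
    if ssh_allowed "$c" 192.168.0.0/24 127.0.0.1; then echo "$c: allowed"; else echo "$c: denied"; fi
done
```

The LOG rule is the nearest built-in analogue of the spawn/mail hook; if you want mail, pair it with a log watcher rather than spawning a mailer per connection.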