On 21/03/10 02:27, Peter wrote:
On the same line, portknocking with pf:
Port knocking suck:
If you have to knock a single time on the secret port you might just
have no added security at all, could be that the port scanner first
knocked on the secret port then on the ssh port.
If you
Hello
I've been reading up on securing sshd after being bombarded with attempted
logins.
The steps i've taken so far to make things more secure are:
* changed the encryption method for passwords in /etc/login.conf from md5 to
blowfish and changed all the passwords to ridiculously obscure
On 20/03/10 14:18, Jamie Griffin wrote:
I've been reading up on securing sshd after being bombarded with attempted
logins.
Hi!
First step to ssh security is: Don't panic! Take your time to read the
logs and understand what's going on. So, you've got bombarded with login
attempts
On Sat, 20 Mar 2010 16:32:28 +0100
Erik Norgaard norga...@locolomo.org articulated:
* Disabled password logins completely, and to only allow public key
authentication
This seems good for security, but not always practical. Now you have
to walk around with a USB or have keys on your
On Saturday 20 of March 2010 18:14:17 Jerry wrote:
On Sat, 20 Mar 2010 16:32:28 +0100
Erik Norgaard norga...@locolomo.org articulated:
* Disabled password logins completely, and to only allow public key
authentication
This seems good for security, but not always practical. Now you
On 20/03/10 17:14, Jerry wrote:
Seriously, disabling password log-ins and using key authentication is
extremely secure. Do make sure that you password protect your keys
however. In any event, if you laptop or whatever is stolen, you have
more than just one problem to contend with anyway.
I
Jamie Griffin ja...@fantomatic.co.uk writes:
Hello
I've been reading up on securing sshd after being bombarded with attempted
logins.
The steps i've taken so far to make things more secure are:
* changed the encryption method for passwords in /etc/login.conf from md5 to
blowfish
I think on reflection I might have been a little over the top with blocking
password logins and I think the point about carrying a key on a usb stick, etc,
is a very good one. The reason I went with that decision is because I only
expect to be logging in to the server from two locations: at
On 20/03/10 18:23, Jamie Griffin wrote:
The reason I went with that decision is because I only expect to be
logging in to the server from two locations: at home or from a
computer at my university
In that case, the best thing you can do is figure out the IP ranges of
either location.
In that case, the best thing you can do is figure out the IP ranges of
either location.
Definately a good idea, thanks Eric.
Btw. I found two articles on securityfocus.com, the first is analysis
using a honeypot, as you see these attacks are pretty lame:
Jamie Griffin ja...@fantomatic.co.uk writes:
Hello
I've been reading up on securing sshd after being bombarded with
attempted logins.
The steps i've taken so far to make things more secure are:
* changed the encryption method for passwords in /etc/login.conf from
md5 to blowfish
11 matches
Mail list logo
