Thanks for all the write-ins. It has actually been very helpful to get many
varying views.
In the end, I found help on the actual howto to force certificate
logins from one of the links posted. Unfortunately, I can't redirect ssh to
port 443 because I actually use https. Controlling the numbe
On Sunday 12 October 2008 10:00:04 [EMAIL PROTECTED] wrote:
> We
>
> I don't know what makes you flame so hard with a simple suggestion of mine.
>
> I've tested PortKnock, I like it and I feel comfortable with it. Since
> Phill had asked an open question for alternative approaches t
On Sun, Oct 12, 2008 at 09:48:59PM +1100, Owen Townend wrote:
> 2008/10/12 Del <[EMAIL PROTECTED]>:
> > Mary Gardiner wrote:
> >
> >> There is one potential disadvantage of non-standard ports: there are a
> >> few networks with a default-deny outgoing connection policy who open
> >> port 22, but do
2008/10/12 Del <[EMAIL PROTECTED]>:
> Mary Gardiner wrote:
>
>> There is one potential disadvantage of non-standard ports: there are a
>> few networks with a default-deny outgoing connection policy who open
>> port 22, but do not open most ports. (I find 443 the most useful
>> alternative port to r
Mary Gardiner wrote:
There is one potential disadvantage of non-standard ports: there are a
few networks with a default-deny outgoing connection policy who open
port 22, but do not open most ports. (I find 443 the most useful
alternative port to run SSH on, outgoing to 443/HTTPS is very often
op
"Owen Townend" <[EMAIL PROTECTED]> writes:
> 2008/10/12 Daniel Pittman <[EMAIL PROTECTED]>:
>
> [snip]
>> To me, this is like airport security: I am all in favour of securing air
>> travel. I am not in favour of doing things that make people *feel*
>> secure without actually doing a damn thing.
>
2008/10/12 Daniel Pittman <[EMAIL PROTECTED]>:
[snip]
> To me, this is like airport security: I am all in favour of securing air
> travel. I am not in favour of doing things that make people *feel*
> secure without actually doing a damn thing.
>
> Regards,
>Daniel
Hey,
Just to quickly we
"Brian Sydney Jathanna" <[EMAIL PROTECTED]> writes:
> We
> I don't know what makes you flame so hard with a simple suggestion of
> mine.
I am not, by the traditional meaning of the term, "flaming" you here,
though I will grant you that I am not working hard to be
especially
We
I don't know what makes you flame so hard with a simple suggestion of mine.
I've tested PortKnock, I like it and I feel comfortable with it. Since Phill
had asked an open question for alternative approaches to secure his network,
I made a simple suggestion.
I don't know why yo
"Brian Sydney Jathanna" <[EMAIL PROTECTED]> writes:
> Port Knock service secures the network by having all the ports closed
> and listens on a secret port for the secret handshake.
When you say "secures the network", do you mean to imply that there are
significant security risks in the Linux IP s
Port Knock service secures the network by having all the ports closed and
listens on a secret port for the secret handshake.
When the client initiates a connection, the connection is verified through
the internal database as to which service the particular client has access
to. The doorman approves
Well, Michael and Alex beat me to it.
That's what I was going to say; use iptables. Though Alex's rules are
somewhat more complex than mine, I think mine do the same.
After setting up the chain, my salient rule is just;
-A INBOUND_FILTER -i eth0 -p tcp -m tcp --dport 22 -m limit --limit
2/mi
On Fri, Oct 10, 2008 at 03:41:57PM +1100, Michael Chesterton wrote:
>
> On 10/10/2008, at 10:58 AM, Daniel Pittman wrote:
>>>
>> Personally, I use fail2ban[1] which uses the cruder, but still
>> effective, technique of reading your logs and blocking people who try
>> to
>> guess passwords via ipta
On 10/10/2008, at 10:58 AM, Daniel Pittman wrote:
Personally, I use fail2ban[1] which uses the cruder, but still
effective, technique of reading your logs and blocking people who
try to
guess passwords via iptables.
I use with great success an iptables rule to limit new ssh connections
"Brian Sydney Jathanna" <[EMAIL PROTECTED]> writes:
> On 10/9/08, Phill O'Flynn <[EMAIL PROTECTED]> wrote:
>>
>> Hi everyone
>> I am running a fedora server and currently using hosts.allow to
>> only allow ssh accesses from specific ip addresses. I did this because I
>> was getting
>> a lot of idio
I guess the best approach would be to consider using Port Knock
http://www.portknocking.org/
Cheers,
Brian
On 10/9/08, Phill O'Flynn <[EMAIL PROTECTED]> wrote:
>
>
>
> Hi everyone
> I am running a fedora server and currently using hosts.allow to
> only allow ssh accesses from specific ip address
On Fri, Oct 10, 2008, jam wrote:
> On a non-standard port I've had ZERO login attempts over the last 3+ years,
> compared (like you) to 10s and 100s per day. This is trivial to implement
> even has the advantage of multiple servers/virtual servers behind a DSL
> router (different non standard fo
Erik de Castro Lopo <[EMAIL PROTECTED]> writes:
> Phill O'Flynn wrote:
>
>> I am running a fedora server and currently using hosts.allow to
>> only allow ssh accesses from specific ip addresses. I did this because I was
>> getting
>> a lot of idiots from eastern Europe and Russia trying to crack my
On Friday 10 October 2008 07:29:25 [EMAIL PROTECTED] wrote:
> I am running a fedora server and currently using hosts.allow to
> only allow ssh accesses from specific ip addresses. I did this because I
> was getting a lot of idiots from eastern Europe and Russia trying to crack
> my server.
>
> This
You can configure your sshd's configuration in /etc/ssh/sshd_config
however in your case you might want to look at denyhosts
http://denyhosts.sourceforge.net/
Dean
Phill O'Flynn wrote:
Hi everyone
I am running a fedora server and currently using hosts.allow to
only allow ssh accesses fr
Phill O'Flynn wrote:
> I am running a fedora server and currently using hosts.allow to
> only allow ssh accesses from specific ip addresses. I did this because I was
> getting
> a lot of idiots from eastern Europe and Russia trying to crack my server.
>
> This has been ok but now is proving to
2008/10/9 Phill O'Flynn <[EMAIL PROTECTED]>:
>
>
> Hi everyone
> I am running a fedora server and currently using hosts.allow to
> only allow ssh accesses from specific ip addresses. I did this because I was
> getting
> a lot of idiots from eastern Europe and Russia trying to crack my server.
>
> T
Hi everyone
I am running a fedora server and currently using hosts.allow to
only allow ssh accesses from specific ip addresses. I did this because I was
getting
a lot of idiots from eastern Europe and Russia trying to crack my server.
This has been ok but now is proving to be too restrictive.
23 matches