Hi Craig,
Fail2Ban, key only login, firewall, and timely updates will probably
cover 99% of your risks (although I'd also suggest disabling / removing
any unused services), however if you want to go further this is an
excellent guide to linux security;
http://crunchbang.org/forums/viewtopic.ph
No not just a hidden service but an authenticated hidden service.
Also Knockknock is a port knocker... which uses cryptographic authentication.
On Thu, Feb 6, 2014 at 7:04 AM, Craig C-S wrote:
> Thanks all for the advice!
>
> Things to do:
> - I'll be looking to run Moxie Marlinspike's knockknoc
Thanks all for the advice!
Things to do:
- I'll be looking to run Moxie Marlinspike's knockknock daemon soon as that
seems like a superior solution to port knocking and rate limiting. (big fan
of his work on TextSecure and RedPhone!)
- Run OpenSSH as a hiddenservice. This seems obvious now but ha
Also, if you know how set the operating system to update automatically to keep
it secure.
Robert
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
You could have ssh only available through an authenticated hidden service...
and if you are worried about not being able to get back into the vps then
you could make ssh also available via knockknock:
http://www.thoughtcrime.org/software/knockknock/
On Wed, Feb 5, 2014 at 11:45 AM, I wrote:
> T
This is a good question.Perhaps 'hardening' a server could be addressed on the new web pages.It would seem to be important and pertinent for all who take the plunge and set-up a relay on a virtual private server but who may not know more than that, to secure their servers.I would be glad to be