On 21/03/10 02:27, Peter wrote:
On the same line, portknocking with pf:
Port knocking suck:
If you have to knock a single time on the secret port you might just
have no added security at all, could be that the port scanner first
knocked on the secret port then on the ssh port.
If you have
> Jamie Griffin writes:
>
>> Hello
>>
>> I've been reading up on securing sshd after being bombarded with
>> attempted logins.
>>
>> The steps i've taken so far to make things more secure are:
>>
>> * changed the encryption met
> In that case, the best thing you can do is figure out the IP ranges of
> either location.
Definately a good idea, thanks Eric.
> Btw. I found two articles on securityfocus.com, the first is analysis
> using a honeypot, as you see these attacks are pretty lame:
> http://www.symantec.com
On 20/03/10 18:23, Jamie Griffin wrote:
The reason I went with that decision is because I only expect to be
logging in to the server from two locations: at home or from a
computer at my university
In that case, the best thing you can do is figure out the IP ranges of
either location.
Check
I think on reflection I might have been a little over the top with blocking
password logins and I think the point about carrying a key on a usb stick, etc,
is a very good one. The reason I went with that decision is because I only
expect to be logging in to the server from two locations: at hom
Jamie Griffin writes:
> Hello
>
> I've been reading up on securing sshd after being bombarded with attempted
> logins.
>
> The steps i've taken so far to make things more secure are:
>
> * changed the encryption method for passwords in /etc/login.conf from
On 20/03/10 17:14, Jerry wrote:
Seriously, disabling password log-ins and using key authentication is
extremely secure. Do make sure that you password protect your keys
however. In any event, if you laptop or whatever is stolen, you have
more than just one problem to contend with anyway.
I don
On Saturday 20 of March 2010 18:14:17 Jerry wrote:
> On Sat, 20 Mar 2010 16:32:28 +0100
>
> Erik Norgaard articulated:
> > > * Disabled password logins completely, and to only allow public key
> > > authentication
> >
> > This seems good for security, but not always practical. Now you have
> > to
On Sat, 20 Mar 2010 16:32:28 +0100
Erik Norgaard articulated:
> > * Disabled password logins completely, and to only allow public key
> > authentication
>
> This seems good for security, but not always practical. Now you have
> to walk around with a USB or have keys on your laptop and if you
>
On 20/03/10 14:18, Jamie Griffin wrote:
I've been reading up on securing sshd after being bombarded with attempted
logins.
Hi!
First step to ssh security is: Don't panic! Take your time to read the
logs and understand what's going on. So, you've got bombarded with login
Hello
I've been reading up on securing sshd after being bombarded with attempted
logins.
The steps i've taken so far to make things more secure are:
* changed the encryption method for passwords in /etc/login.conf from md5 to
blowfish and changed all the passwords to ridiculous
11 matches
Mail list logo