On 04Jul2017 01:54, William Mattison <mattison.compu...@yahoo.com> wrote:
Yesterday evening, I used the firewall configuration tool to turn off ssh in
the public zone, and then make the the change permanent. I also entered the
commands
* systemctl stop sshd
* systemctl mask sshd
* systemctl stop httpd
* systemctl mask httpd
This evening, I see nothing in the journalctl logs for today that look like
attempts to hack in. Definitely good news! Thank-you, everyone.
The firewall should be blocking inbound ssh, and your ssh _server_ process
(accepting inbound ssh) should be off. If I understand your summary about; I'm
not running Fedora here.
Follow-up questions:
1. I recall over the years several ways of connecting among computers: kermit
(am I dating myself here?!), ftp, rlogin, telnet, ssh, sftp, and others. Are
***all*** these now blocked incoming?
Kermit is a serial protocol IIRC. FTP, rlogin, telnet are all TCP protocols. If
you're runnning a service for any of them you're at risk. However (a) I'd be
surprised if _any_ of these were on by default - they're cleartext -
unencrypted. For the same reasons I'd be surprised if there were firewall rules
permitting them to come in.
Sftp is a mode of ssh. So if ssh is off , so is sftp.
Run nmap against your machine, from outside and also from your LAN. See what
shows up.
All of the above said, I would still expect you to be able to make an
_outbound_ ssh connection.
Cheers,
Cameron Simpson <c...@zip.com.au>
_______________________________________________
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
