attack on my server

Tyler Aviss tjaviss-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Mon Aug 27 23:25:51 UTC 2007


Agreed. Anything that adds to security without overly impeding
functionality/performance is usually a good idea. In this case I was
trying to indicate that if keyless access is needed then having a
secondary password-authenticated SSH for non-privileged accounts is a
good idea. However, having denyhosts or other measures on top of that
is an even better idea.

On one of my more secure servers I actually keep most of my
net-accessible processes running from a vserver, which keeps the
chance of the whole server being compromised down.

On 8/27/07, Charles philip Chan <cpchan-rieW9WUcm8FFJ04o6PK0Fg at public.gmane.org> wrote:
> Jamon Camisso <jamon.camisso-H217xnMUJC0sA/PxXw9srA at public.gmane.org> writes:
>
> > Sure, again keys are best. But moving the port reduces automated scans
> > drastically, I'd say by an order of magnitude at least, usually more.
>
> No matter what, a port scan will find it. A better option for this is to
> use denyhosts:
>
> http://denyhosts.sourceforge.net/
>
> if your copy of sshd is compiled with tcpwrapper support. Another option
> is to use snort with flex-response or in conjunction with guardian.pl or
> blockit.pl.
>
> Charles
>
> --
> Use debugging compilers.
>             - The Elements of Programming Style (Kernighan & Plauger)
>
>
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists




