On 29 Dec 2005, at 23:18, Grant wrote:
Also, what should I do about securing ssh? I'm using a high port number. Is there other special configuration I should be using? I'm using the standard sshd_config except for the high port number specification.
Using a high port number isn't terribly helpful - it's just security through obscurity and if someone were to port-scan you with all nmap's options turned on they'd surely figure out you were running ssh on that port.
Since SSH is encrypted there's not much you need to do to secure it. I disable root logins via ssh with "PermitRootLogin no" to save the password of one known account from being guessable or brute forced. If you want to be paranoid you can restrict logins to known keys, I think. A but of homework will tell you more about that - I usually just add known secure machines to ~/.ssh/authorized_keys2 to save me typing a password when shelling around my LAN & stuff.
Stroller. -- gentoo-user@gentoo.org mailing list
