Jason Cooper wrote:
> Bad move. Exposing a single port to the internet is more than enough. I
> also only expose a few ports (including ssh) to the net. My logs are full
> of knucklehead script kiddies trying to get in through ssh. At a minimum,
> disallow root login, and listen on a port other than 22. (At least on the
> net-facing side). Also, set AllowUsers to just yourself.
>
> btw - all those log entries were when I was listening on port 22...

I understand your concerns - I had _exactly_ those concerns too - and yes - I can see script kiddy evidence in my logs too.
I've disabled remote root login - and in fact only one user can authenticate via SSH - and that user can't do so using only a password. I can't easily move to a non-standard port though (as I want to access it from sites which only allow outbound connections to port 22 (don't ask me why!)) and in any case - I know I get port-scanned and security through an obscure port number is likely to be as effective as a chocolate tea-pot. I suppose I could constrain the IP addresses of hosts which can connect... but I'm not entirely sure that the trade-off between usefulness to me and improved security makes that worthwhile...
I realise I run the risk of being compromised if another exploit is found in SSH - but my fingers are firmly crossed there... I'm trusting for now that I can keep my keys safe and that there isn't a SSH back-door... Time will tell I suppose.
I understand that I need a stringent firewall in order to make sure my wireless connection can only effect connection to the SSH service.
-- gentoo-user@gentoo.org mailing list
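Added example, not from the thread or from OpenSSH itself: a small audit that reads an sshd_config and checks it against the minimum discussed above (root login off, keys only, an explicit AllowUsers list). Both config samples are constructed; the user name alice and the Match subnet are assumptions.

```python
import re

# Constructed sample with the settings the thread warns about: the root-login
# directive is commented out (so the compiled-in default applies) and passwords work.
WEAK_CONFIG = """\
Port 22
#PermitRootLogin yes
PasswordAuthentication yes
"""

# Constructed sample matching the poster's description: root disabled, a single
# hypothetical user 'alice', keys only, port kept on 22 for the reason given above.
HARDENED_CONFIG = """\
Port 22
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
AllowUsers alice
# Directives below a Match line apply only when the condition holds, not globally.
Match Address 192.0.2.0/24
    PasswordAuthentication yes
"""

def parse_sshd_config(text):
    """Effective top-level settings as {keyword_lower: value}.
    sshd honours the FIRST occurrence of a keyword and ignores repeats, and
    everything after the first 'Match' line is conditional, so stop there."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)  # 'Key value' or 'Key=value'
        key = parts[0].lower()
        if key == "match":
            break
        settings.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return settings

def audit_sshd_config(text):
    """Findings against the thread's minimum; an empty list means it passes.
    Port is deliberately not checked: the reply explains why 22 is kept."""
    s = parse_sshd_config(text)
    findings = []
    # The compiled-in default for PermitRootLogin has changed across OpenSSH
    # versions, so anything other than an explicit 'no' is flagged.
    if s.get("permitrootlogin") != "no":
        findings.append("PermitRootLogin is not explicitly 'no'")
    if s.get("passwordauthentication", "yes") != "no":
        findings.append("PasswordAuthentication is enabled; keys only was the goal")
    if s.get("challengeresponseauthentication", "yes") != "no":
        findings.append("ChallengeResponseAuthentication still allows password-style logins")
    if "allowusers" not in s:
        findings.append("AllowUsers not set; every local account may attempt a login")
    return findings
```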