On Friday 17 October 2008 01:47:37 [EMAIL PROTECTED] wrote:
> > Security through complexity is dumb and ends up biting you:
>
> Security by obscurity will probably work against brute force ssh worms, but
> is less likely to work where there is a determined attack.
>
> > My server is on a 192.168. From the WORLD it is only available via a non
> > standard port, internally 22 and ltsp is bog standard.
>
> A portscan and telnet to each open port will quickly reveal your open sshd
> to someone who actually wants to get into _your_ system.  Perhaps that will
> never happen to you?  Fair enough then.

My logs for the last (time flies :-) 5 years show NO login attempts.
Before I used a non-standard port there were 100s to 1000s per week, about
1/3 to root, the rest random names.
Root is WithOutPassword so even if you know my root passwd you can't get in
:-)
My passwords are secure (small pool of users), so I'm pretty comfortable.

Now, say, a school LTSP server with internet (direct) access, now THAT's silly.
But behold ssh tunneling, which makes any (legitimate) scenario feasible

e.g.

[internet]-----------------------------[AnotherServer]
                                              |
                                              |
                                        [LTSP Server]

From internet login to AnotherServer then login to LTSP Server

From internet add port 1234 to 22 on LTSPServer via AnotherServer
ssh -L 1234:LTSPServer:22 [EMAIL PROTECTED]
ssh -p 1234 localhost gets the LTSPServer

All of which says your original need to access the LTSP machine from the
internet is probably not what it was described as, i.e. not needed, as other
ways are more secure and simpler.

James
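
To check figures like the ones in the message above (failed logins per week, and the share aimed at root) on your own server, the following added example, which is not part of the original email, tallies failed password attempts from sshd log lines. The sample log lines, host name and addresses are constructed, and the line format assumed is OpenSSH's "Failed password for ..." syslog message.

```python
import re
from collections import Counter

# Constructed sample lines in the OpenSSH "Failed password" syslog format.
SAMPLE_LOG = """\
Oct 12 03:14:07 ltsp sshd[2211]: Failed password for root from 203.0.113.5 port 40122 ssh2
Oct 12 03:14:09 ltsp sshd[2213]: Failed password for invalid user admin from 203.0.113.5 port 40130 ssh2
Oct 12 03:14:12 ltsp sshd[2215]: Failed password for invalid user test from 203.0.113.5 port 40141 ssh2
Oct 12 09:30:44 ltsp sshd[2290]: Accepted password for james from 192.168.0.20 port 51515 ssh2
Oct 13 01:02:03 ltsp sshd[2302]: Failed password for root from 198.51.100.7 port 33001 ssh2
Oct 13 01:02:05 ltsp sshd[2304]: Failed password for invalid user oracle from 198.51.100.7 port 33010 ssh2
Oct 13 01:02:08 ltsp sshd[2306]: Failed password for invalid user web from x from 198.51.100.7 port 33020 ssh2
"""

# The user name is attacker-controlled and may contain spaces or even the
# word "from", so match it greedily and let the last " from <ip> port <n>"
# on the line delimit it.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?"
    r"(?P<user>.*) from (?P<ip>\S+) port \d+"
)

def summarize(log_text):
    """Count failed password attempts per target user and per source address."""
    users, sources = Counter(), Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        users[m.group("user")] += 1
        sources[m.group("ip")] += 1
    total = sum(users.values())
    return {
        "total": total,
        "root": users["root"],
        "root_share": users["root"] / total if total else 0.0,
        "users": dict(users),
        "sources": dict(sources),
    }

if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print(f"{s['total']} failed logins, {s['root_share']:.0%} aimed at root")
    for ip, n in sorted(s["sources"].items(), key=lambda kv: -kv[1]):
        print(f"  {n:4d} from {ip}")
```

Run it against the real log by passing the file's contents to `summarize()`; a result of zero only shows that no password attempts reached sshd on that port.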

_____________________________________________________________________
Ltsp-discuss mailing list.   To un-subscribe, or change prefs, goto:
      https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help,   try #ltsp channel on irc.freenode.net
