Actually, to start I wouldn't worry about denyhosts or fail2ban or public key authentication if it's too overwhelming. Just pick a strong password and stay up on downloading updates and you'll be fine to start. Figure out the other stuff later.
Bryan On Jan 26, 2008 7:52 AM, Bryan Murdock <[EMAIL PROTECTED]> wrote: > On Jan 25, 2008 8:43 PM, Daniel <[EMAIL PROTECTED]> wrote: > > One thing I would strongly advise doing is install denyhosts or > > something similar. This will prevent against ssh attacks on your > > computer. > > I've been happy with fail2ban. I would also suggest that you don't > allow PasswordAuthentication, just PubkeyAuthentication (these are in > your /etc/ssh/sshd_config file). Look for tutorials on creating your > key pairs (or ask us). > > > > > I would also use a port other than 22 so that it makes it harder to find. > > Just use port 22. With fail2ban and no password authentication, you > are probably just as safe using the standard port and it's less > hassle. Any bad person will know how to scan for whichever > non-standard port you choose anyway. > > > > > All of this is a moot point if you don't use a static ip address for > > your computer. > > You don't need a static IP. Use dyndns or a similar service. > > Bryan > -------------------- BYU Unix Users Group http://uug.byu.edu/ The opinions expressed in this message are the responsibility of their author. They are not endorsed by BYU, the BYU CS Department or BYU-UUG. ___________________________________________________________________ List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/newbies
