On 11/25/2012 10:51 AM, James Harrison wrote:
> Best approach is not to use passwords - SSH keys are simple to set up
> and you can disable password authentication in sshd, which makes your
> system practically uncrackable.

Took the words right out of my mouth. The other thing I like to do is disable ssh 1 and ssh to root. If you need root access from afar, ssh to a non-privileged account then "su -" to gain root.

> Fail2ban is also an excellent program to run - it will automatically
> block in iptables anything that fails to login more than a few times,
> which stops most automated bots.

As a further step, you could set up an OpenVPN server and not expose your Rivendell box to inbound internet traffic at all. You create a tunnel to the OpenVPN server then you're 'local' and can ssh to the rd host. Linux Journal had a great three part write-up on this a few years back in the Paranoid Penguin column. (The ssh/OpenVPN part, not the Rivendell part.)

Best of luck with the cleanup...

...Kevin
--
Kevin Miller - http://www.alaska.net/~atftb
Juneau, Alaska
In a recent survey, 7 out of 10 hard drives preferred Linux
Registered Linux User No: 307357, http://linuxcounter.net
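A check for the sshd settings recommended in the message above (no password logins, no root login, no SSH protocol 1), as an added example that is not part of the original post. The sample config is constructed, the function names are hypothetical, and an absent Protocol line is assumed to mean protocol 2 only.

```python
import re

# keyword, then whitespace or a single '=', then the arguments
LINE = re.compile(r"([A-Za-z0-9]+)(?:\s*=\s*|\s+)(.+)$")

SAMPLE = """\
# constructed sample, not taken from a real host
Port 22
Protocol 2,1
permitrootlogin yes
# sshd keeps the first value it reads, so the next line has no effect
PermitRootLogin no
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
"""

def parse(text):
    """Return (global_settings, match_overrides); first value per keyword wins."""
    glob, overrides, block = {}, [], None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())      # comment and blank lines do not match
        if not m:
            continue
        key, val = m.group(1).lower(), m.group(2).strip().strip('"')
        if key == "match":
            block = val                  # later lines apply only to this block
        elif block is None:
            glob.setdefault(key, val)    # keywords are case-insensitive
        else:
            overrides.append((block, key, val))
    return glob, overrides

def audit(text):
    """List deviations from: no passwords, no root login, no protocol 1."""
    glob, overrides = parse(text)
    findings = []
    if glob.get("passwordauthentication", "yes").lower() != "no":
        findings.append("PasswordAuthentication is not 'no' (default is yes)")
    if glob.get("permitrootlogin", "unset").lower() != "no":
        findings.append("PermitRootLogin is not explicitly 'no'")
    if "1" in glob.get("protocol", "2").split(","):
        findings.append("Protocol allows SSH protocol 1")
    for block, key, val in overrides:
        if key in ("passwordauthentication", "permitrootlogin") and val.lower() != "no":
            findings.append(f"Match {block}: {key} {val} overrides the global setting")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

On a live host, `sshd -T` prints the configuration the daemon would actually use and is the authoritative check; this parser only reads the file text.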
