Tugger the SLUGger!SLUG Mailing List Archives

Re: Compromised Linux box stories (Re: [SLUG] upgrading complicated installs

Dean Hamstead wrote:

Denyhosts is a great daemon/cronscript that will manage hosts.allow for your ssh server. you can set thresholds and instant triggers etc which will result in that ip being blocked.

Also, can't one use a TCP wrapper with ssh? Either way, it does compromise
one of the beauties of working on the Internet. When I head up north
for a break, for example, and need to access the server, heaven knows
what my IP will be when away from home.

There is a "door knocking" technique that was discussed a couple of years
ago on this list to allow you to "tap tap tap" the server ask it to
let you in temporarily. More work of course.

Also, you could turn off password auth and just use keys.

Yup. Great idea.


Rick Welykochy || Praxis Services || Internet Driving Instructor

The user's going to pick dancing pigs over security every time.
     -- Bruce Schneier