SLUG Mailing List Archives
Re: Compromised Linux box stories (Re: [SLUG] upgrading complicated installs
- To: Dean Hamstead <dean@xxxxxxxxxxxxxxx>
- Subject: Re: Compromised Linux box stories (Re: [SLUG] upgrading complicated installs
- From: Rick Welykochy <rick@xxxxxxxxxxxxx>
- Date: Tue, 03 Jun 2008 14:53:55 +1000
- Cc: slug@xxxxxxxxxxx
- User-agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:18.104.22.168) Gecko/20080313 SeaMonkey/1.1.9
Dean Hamstead wrote:
Denyhosts is a great daemon/cronscript that will manage hosts.allow for
your ssh server. you can set thresholds and instant triggers etc which
will result in that ip being blocked.
Also, can't one use a TCP wrapper with ssh? Either way, it does compromise
one of the beauties of working on the Internet. When I head up north
for a break, for example, and need to access the server, heaven knows
what my IP will be when away from home.
There is a "door knocking" technique that was discussed a couple of years
ago on this list to allow you to "tap tap tap" the server ask it to
let you in temporarily. More work of course.
Also, you could turn off password auth and just use keys.
Yup. Great idea.
Rick Welykochy || Praxis Services || Internet Driving Instructor
The user's going to pick dancing pigs over security every time.
-- Bruce Schneier