[TriLUG] SSH Probing...
lfwelty
lfwelty at redback.com
Wed Mar 13 12:05:57 EST 2002
Using RSA only will also help.
/etc/ssh/sshd_config:
RhostsAuthentication no
RSAAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
And disallowing root logins should help:
PermitRootLogin no
- Note: You can still ssh in as a user and su to root.
It's a little more work managing keys.
I feel it's more secure.
F.
Jon Carnes wrote:
>
> Your rules look good - though I prefer to use ":input DENY" as my default,
> your 6th line down essentially does that... but only for tcp.
>
> Jon
> ----- Original Message -----
> From: "Greg Brown" <gregbrown at mindspring.com>
> To: <trilug at trilug.org>
> Sent: Wednesday, March 13, 2002 9:10 AM
> Subject: Re: [TriLUG] SSH Probing...
>
> > I'm still in learning mode when it comes to Linux and security but this talk
> > of ssh attacks has alarmed me somewhat. Would the following ipchains
> > configuration be considered "secure" in most cases (eth1 connects to the
> > cable modem and eth0 is the "inside" network interface)?
> >
> > :input ACCEPT
> > :forward ACCEPT
> > :output ACCEPT
> > -A forward -s 10.0.0.0/255.0.0.0 -d 0.0.0.0/0.0.0.0 -i eth1 -j MASQ
> > -A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 22:22 -p 6 -j ACCEPT
> > -A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 80:80 -p 6 -j ACCEPT
> > -A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 21:21 -p 6 -j ACCEPT
> > -A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -i eth1 -p 6 -j DENY -y
> > -A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 25:25 -i eth0 -p 6 -j ACCEPT
> > -A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 465:465 -i eth0 -p 6 -j ACCEPT
> > -A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -i eth0 -p 6 -j DENY -y
> >
>
> _______________________________________________
> TriLUG mailing list
> http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ:
> http://www.trilug.org/~lovelace/faq/TriLUG-faq.html
--
------------------------------------------------------------------
Frank Welty | 15401 Weston Parkway, Suite 150
lfwelty at redback.com | Cary, NC 27511
Redback Networks | desk:919.678.2175 m: 919.264.7495
------------------------------------------------------------------
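As an added example for this thread (not code from Frank, Jon or Greg), here is a POSIX shell script that checks the two points raised above: whether an sshd_config carries the five directives Frank lists, and whether an ipchains ruleset like Greg's still has an ACCEPT default policy on the input chain with DENY rules that only match TCP, which is Jon's objection. The sample config files, the function names (check_sshd_config, check_ipchains, sshd_value) and the "fixed" ruleset with its non-SYN accept rule are constructed here and are not from the posts.

```shell
#!/bin/sh
# Added example, not part of the original thread. All sample inputs below are
# constructed; the helper names are assumptions of this example.

# sshd_value FILE KEYWORD
# Prints the value of KEYWORD in FILE, lowercased. sshd keeps the first
# uncommented occurrence of a keyword and matches keywords case-insensitively.
sshd_value() {
    k=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    awk -v k="$k" '$0 !~ /^[ \t]*#/ && tolower($1) == k { print tolower($2); exit }' "$1"
}

# check_sshd_config FILE
# Reports each directive that differs from the settings in the post; an unset
# directive counts as a deviation (several of these default to "yes" in sshd).
# Returns the number of deviations, so 0 means the file matches.
check_sshd_config() {
    file=$1
    bad=0
    while read -r key want; do
        have=$(sshd_value "$file" "$key")
        if [ "$have" != "$want" ]; then
            echo "sshd: $key is '${have:-unset}', expected '$want'"
            bad=$((bad + 1))
        fi
    done <<EOF
RhostsAuthentication no
RSAAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
PermitRootLogin no
EOF
    return $bad
}

# check_ipchains FILE
# Reads an ipchains ruleset in the ":chain POLICY" / "-A chain ..." form from
# the thread. Flags an input chain whose default is not DENY/REJECT, and DENY
# rules that only match protocol 6 (tcp) while that default is ACCEPT, since
# udp and icmp then fall through to the policy. Returns the number of findings.
check_ipchains() {
    file=$1
    bad=0
    pol=$(awk '$1 == ":input" { print $2 }' "$file")
    if [ "$pol" != "DENY" ] && [ "$pol" != "REJECT" ]; then
        echo "ipchains: input chain policy is '${pol:-unset}', not DENY"
        bad=$((bad + 1))
        n=$(grep -c -e '-A input .*-p 6 .*-j DENY' "$file" || true)
        if [ "$n" -gt 0 ]; then
            echo "ipchains: $n DENY rule(s) match tcp only; udp/icmp reach policy $pol"
            bad=$((bad + 1))
        fi
    fi
    return $bad
}

# Constructed samples. SSHD_GOOD follows the post; SSHD_BAD looks like a stock
# install (RSAAuthentication commented out, passwords and root login on).
SSHD_GOOD=$(mktemp); SSHD_BAD=$(mktemp)
IPCHAINS_ORIG=$(mktemp); IPCHAINS_FIXED=$(mktemp)
cat >"$SSHD_GOOD" <<'EOF'
Port 22
RhostsAuthentication no
RSAAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
PermitRootLogin no
EOF
cat >"$SSHD_BAD" <<'EOF'
Port 22
RhostsAuthentication no
#RSAAuthentication yes
PasswordAuthentication yes
PermitEmptyPasswords no
PermitRootLogin YES
EOF
# Greg's ruleset as quoted in the thread.
cat >"$IPCHAINS_ORIG" <<'EOF'
:input ACCEPT
:forward ACCEPT
:output ACCEPT
-A forward -s 10.0.0.0/255.0.0.0 -d 0.0.0.0/0.0.0.0 -i eth1 -j MASQ
-A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 22:22 -p 6 -j ACCEPT
-A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 80:80 -p 6 -j ACCEPT
-A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 21:21 -p 6 -j ACCEPT
-A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -i eth1 -p 6 -j DENY -y
-A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -i eth0 -p 6 -j DENY -y
EOF
# Constructed variant with Jon's default-DENY input chain. With that default,
# return traffic for outbound TCP connections needs its own accept rule
# (non-SYN packets, "! -y"); the original relied on the ACCEPT policy for it.
cat >"$IPCHAINS_FIXED" <<'EOF'
:input DENY
:forward ACCEPT
:output ACCEPT
-A input -i eth0 -j ACCEPT
-A input -p 6 ! -y -j ACCEPT
-A input -d 0.0.0.0/0.0.0.0 22:22 -p 6 -j ACCEPT
-A input -d 0.0.0.0/0.0.0.0 80:80 -p 6 -j ACCEPT
EOF

check_sshd_config "$SSHD_GOOD" || echo "good sshd_config: $? deviation(s)"
check_sshd_config "$SSHD_BAD"  || echo "bad sshd_config: $? deviation(s)"
check_ipchains "$IPCHAINS_ORIG"  || echo "original ruleset: $? finding(s)"
check_ipchains "$IPCHAINS_FIXED" || echo "default-DENY ruleset: $? finding(s)"
```

Run it as `sh check.sh`; the functions return the finding count, so they drop into `if check_sshd_config /etc/ssh/sshd_config; then ...` on a real host. The default-DENY sample only shows the policy change Jon describes; a complete ruleset would also need accept rules for the UDP replies (DNS) the inside network depends on.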