OT: Security....

STYMA, ROBERT E (ROBERT) stymar at lucent.com
Thu Oct 28 14:24:19 UTC 2004


...
> Don't use port 22.  Choose a 'random' high port.  If that won't work
> for you, e.g. you need access to your machine from behind a customer's
> firewall that blocks most outgoing ports, use some other port that
> they do allow and is not commonly scanned.
...

Be careful about using ports other than 22.  Some firewall/routers that
use NAT will not work with ports other than 22.  They have to leave port
22 un'NAT'ed.

Also, unless you are running a University or something where people will
be ssh'ing from all over the place, you can use /etc/hosts.allow and 
/etc/hosts.deny to limit who even gets to the login prompt.  If you are
supporting teleworking, you can limit the /etc/hosts.allow to the
IP address ranges used by the local cable and DSL providers.  Others
can be added as needed.  This will cut off the attacks coming from other
random places.  If you are just going from work to home (tele-homing), 
you can really lock things down to just your machine at work.  The hacker
sitting at your machine will have more trouble guessing your password while
you are beating them over the head with your coffee cup. :-)

Robert E. Styma
Principal Engineer (DMTS)
Lucent Technologies, Phoenix
Email: stymar at lucent.com
Phone: 623-582-7323
FAX:   623-581-4390
Company:  http://www.lucent.com
Personal: http://www.swlink.net/~styma
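As an added illustration of the /etc/hosts.allow and /etc/hosts.deny approach described above (example code, not part of Robert's post): a small POSIX sh evaluator that applies constructed TCP wrappers rules for sshd in the same order tcpd/libwrap does. A matching line in hosts.allow grants access, otherwise a matching line in hosts.deny refuses it, and a client matched by neither file is allowed. The rule text, the provider address ranges and the home address are all constructed for the example rather than read from the system.

```shell
#!/bin/sh
# Added example: evaluate hosts.allow / hosts.deny rules for a daemon the way
# tcpd does (allow file first, then deny file, else allow).  Rule text is
# embedded here instead of being read from /etc so the script runs stand-alone.

# Constructed hosts.allow: office network, two provider ranges, one fixed home address.
HOSTS_ALLOW='# sshd: office LAN plus the ranges teleworkers connect from
sshd: 10.0.0.0/255.0.0.0, 192.168.1.0/255.255.255.0
sshd: 203.0.113.0/255.255.255.0, 198.51.100.42
'
# Constructed hosts.deny: every other client never reaches the sshd login prompt.
HOSTS_DENY='sshd: ALL
'

# Dotted quad -> 32-bit integer (octets are assumed to be plain decimal).
ip2int() {
    oldifs=$IFS; IFS=.
    set -- $1
    IFS=$oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Does one client pattern (ALL, exact address, net/mask, or a "1.2." prefix) match address $2?
pattern_match() {
    pat=$1; ip=$2
    case $pat in
        ALL) return 0 ;;
        */*) net=${pat%/*}; mask=${pat#*/}
             [ $(( $(ip2int "$ip") & $(ip2int "$mask") )) -eq "$(ip2int "$net")" ] ;;
        *.)  case $ip in "$pat"*) return 0 ;; *) return 1 ;; esac ;;
        *)   [ "$pat" = "$ip" ] ;;
    esac
}

# Does any "daemon_list: client_list" line in rule text $1 match daemon $2 from address $3?
# Comment and blank lines are skipped; lists are comma separated as in the real files.
file_match() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        case $line in '#'*|'') continue ;; esac
        daemons=${line%%:*}; clients=${line#*:}
        case " $(echo "$daemons" | tr ',' ' ') " in
            *" $2 "*|*" ALL "*) ;;
            *) continue ;;
        esac
        for c in $(echo "$clients" | tr ',' ' '); do
            pattern_match "$c" "$3" && echo hit
        done
    done | grep -q hit
}

# tcpd decision order: hosts.allow, then hosts.deny, then the implicit default of ALLOW.
wrap_decision() {
    if file_match "$HOSTS_ALLOW" "$1" "$2"; then echo ALLOW
    elif file_match "$HOSTS_DENY" "$1" "$2"; then echo DENY
    else echo ALLOW
    fi
}

# Show a few constructed clients: one inside a provider range, the home address,
# one random address, and the same random address against a daemon hosts.deny
# never mentions (which falls through to the default ALLOW).
for ip in 10.20.30.40 198.51.100.42 192.0.2.15; do
    printf 'sshd %-16s %s\n' "$ip" "$(wrap_decision sshd "$ip")"
done
printf 'ftpd %-16s %s\n' 192.0.2.15 "$(wrap_decision ftpd 192.0.2.15)"
```

The last line shows the caveat worth remembering when locking down with hosts.deny: the deny rule only covers the daemons it names, so a `sshd: ALL` line leaves every other wrapped service open unless it is listed too (or `ALL: ALL` is used). On a real system the same check can be run against the live files with `tcpdmatch sshd <address>` from the tcp_wrappers package.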