[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [K12OSN] SSH



Rick O'Dell wrote:

I'm running Postfix on a k12ltsp 4.01. Log Watch for mail logs an
unauthorized user trying to login. It list dozens of passwords they have
tried. I have dumped the Ip address into host deny file, but next day a new
ip address (possibly on a dialup). My question is, what if I disable SSH or
is this a no no??????? What are the adverse effects to me???



No problem. Just use a little iptables magic, like so:


iptables -A INPUT -i eth1 -p tcp --source w.x.y.z --destination-port 22 -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --destination-port 22 -j DROP


This assumes that you're accessing your K12LTSP server from IP address w.x.y.z, and that eth1 is what's touching the Internet.

Also, of course, make sure that your OpenSSH and OpenSSL are up to the latest rev (currently 3.9p1 and 0.9.7d, respectively).

But that doesn't stop folks from making SMTP or other connections to your mail server. I'm assuming that you're using IMAP, POP3, or SMTP AUTH. Due to the fact that anyone from anywhere can send you email (e. g. this list), then the best thing I can recommend is requiring strong passwords for your users and staying up on your security patches. I also run Postfix, in my case with SMTP AUTH. Plenty of folks are repeatedly trying to log into my mail server (I use Courier-IMAP). I stay up on my patch levels and enforce strong passwords. Crackers haven't gotten in yet (knock on wood!).

Hope this helps,

--TP
_____________________
Do you GNU!? <http://www.gnu.org>
Be virus- and spam-free with Free/Open Source Software (FOSS). Check it out! <http://www.mozilla.org/thunderbird>



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]