[olug] Help w/ my server

David Cannon medaveduh at gmail.com
Mon Jul 23 22:03:55 UTC 2012

Not sure if this helps at all but I set up private key encryption on mine
and just turned off password auth entirely.
I put the key on a 1GB flash drive with putty and winscp.
On Jul 23, 2012 4:59 PM, "Lou Duchez" <lou at paprikash.com> wrote:

> On 7/23/2012 5:56 PM, Christopher Cashell wrote:
>> On Mon, Jul 23, 2012 at 4:51 PM, Lou Duchez <lou at paprikash.com> wrote:
>>> I would also change the default ssh port. Yes it is security by
>>>> obscurity, but it does block virtually all the bots from guessing your
>>>> password(if you have it enabled). I have disabled root ssh logins; if
>>>> root tries to log in, they will get an "auth failed" msg even if they
>>>> have put in the correct pw. You might also consider disabling remote
>>>> ssh password logins.
>>> I run Fail2Ban on my various servers, and I think all but one of them are
>>> running SSH on non-default ports.  Coincidentally enough, the only server
>>> where I ever -- EVER -- get SSH hacker alerts is the one where SSH is
>>> running on the default port.
>> fail2ban is a great program for a lot of things, but there are better
>> ways to secure SSH on Linux.
>> In your IPTables config, use the following line as your "allow ssh" line:
>> -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m limit
>> --limit 1/min --limit-burst 4 -j ACCEPT
>> Now you have built-in protection against brute-force attacks at the
>> kernel-level, without relying on an external program, or recognizing
>> the failed logins later via log watching.
> That is swank, thank you!
> ______________________________**_________________
> OLUG mailing list
> OLUG at olug.org
> https://lists.olug.org/**mailman/listinfo/olug<https://lists.olug.org/mailman/listinfo/olug>

More information about the OLUG mailing list