Re: locking down ssh

---

• From: Eirik Seim <eirik@xxxxxxxxx>
• Date: 31 Jan 2006 21:16:19 GMT

---

On Tue, 31 Jan 2006 13:03:12 -0600, brenda wrote:
> Hi,
>
> I am trying to lock down my pc connection to the internet
> 1) I have a nating router, with only port 22 open
> 2) The ssh server in on a fedora core 4 stock
> 3) I run yum nightly for updates

Do you read the logs? Or even any system/security logs? You'd
be surprised how many who don't do that.

> 4) the windows pc's are all running norton antivirus
> 5) in the sshd_config file I did the following:
>
> AllowUsers brenda@remoteip
> AllowUsers brenda@xxxxxxxxxx*

If you only need to access your server from a specific remote ip
address, you could (should!) block all others in your fw/router.
Also, consider the threat if someone took control of your server.
If protecting the rest of your internal computers is a priority,
the server offering services to the world should be in a separated
environment (DMZ).

> #AllowTcpForwarding yes

Do you need this?

> # no default banner path
> #Banner /some/path

Consider adding a banner with a suitable threathening message.

> Is there anything else I can do to lock the system down?

No matter how hard we try, there is always possible to do better.
Some wise man once said something I remember as "Once you've got
foolproof security, a more creative fool comes along". The message
basically is the same as always: Security is a process. If you do
it right, you're never done.

--
New and exciting signature!

.

---

• References:
  • locking down ssh
    • From: brenda

• Prev by Date: Re: to PFW or not to PFW
• Next by Date: Re: to PFW or not to PFW
• Previous by thread: Re: locking down ssh
• Next by thread: Urgent comments please
• Index(es):
  • Date
  • Thread

---

Relevant Pages OWA locking up my Server ... The Server will lock up completely once anyone has accessed OWA via the ... Internet and they start to open, forward or reply to their messages. ... OWA via our LAN causes no problems at all. ... (microsoft.public.exchange.misc) Re: Urgent! New router and big disaster ... The SBS DNS server, running on ... its IP it means that your problem is now DNS. ... forward ports to it reliably in the router. ... I should have been more clear about internet connection.. ... (microsoft.public.windows.server.sbs) Re: RWW Disconnecting ... I have been connected from a remote site for about 3 ... DHCP server and even a wireless access ... the key codes to for Internet access. ... Client Workstations} ... (microsoft.public.windows.server.sbs) Re: Urgent! New router and big disaster ... I checked the binding order and the Server Local area connection is at the top. ... I should have been more clear about internet connection.. ... I wonder if I may have missed a firewall setting on the router as well. ... (microsoft.public.windows.server.sbs) RE: remote access SBS 2003 Inop ... Since you know the problem is relate to RRAS (Routing and Remote Access ... On the SBS 2003 Server open the Server Management console. ... Click the "Connect to the Internet" link. ... Microsoft CSS Online Newsgroup Support ... (microsoft.public.windows.server.sbs)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > comp.security.firewalls  > 2006-01