Re: SSH hammering

Author: Alan Dayley
Date:  
To: plug-discuss
Subject: Re: SSH hammering
On Thursday 28 April 2005 06:33 am, Mike Hoy wrote:
> Hi,
>
> i just set up a new server with FC3. after reading george toft's
> presentation on security i thought it would be a good idea. i had
> gentoo installed and probably it was being hacked all the time, i don't
> know.
>
> today in my new install of FC3 i was told as root that i 'had new
> messages', in /var/spool/mail/root
> so i checked it out
> somebody has been trying to ssh into my acct with all kinds of
> usernames and apparently with no success. i'm told this is called ssh
> hammering and i need to setup iptables. I need to get started on
> tightening up security on this thing. My server runs a website and ssh
> will need to be running.
> my question: (i'm sure more to come)
> I was told I can set ssh up so that root can only access ssh from
> 127.0.0.1. how do i go about doing that. also how can i make my
> personal username have access to /whatever/apache/htdocs/* so I don't
> have to be root to edit things.


For ssh configuring, this looks like a pretty good guide:

http://www.siliconvalleyccie.com/linux-hn/ssh-server.htm

I have found that my DSL connection drops and changes my IP so much that
doing RSA keys, while more secure, was too painful (the how-to is explained
in the link above).

The best thing I did to stop login hammering was to move ssh to operate on a
high, non-standard port (also explained in the link above) instead of the
default 22. Check the list of ports here:

http://www.iana.org/assignments/port-numbers

Choose one that is above 1024 and not used much or at all. Then you have
to specify the port number when logging in remotely. Something like:

ssh -p NNNN server.name

Not too hard and the password hammers have stopped, at least for me.

Alan
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
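
To check whether the hammering described in this thread is still reaching sshd after a change such as moving the port, the sketch below counts failed password attempts per source address and flags sources that cycle through many usernames. It is an added example, not part of the original message; the log lines are constructed, and the thresholds and function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample sshd log lines (not from the original post). Addresses are
# from documentation ranges; older OpenSSH wrote "illegal user", newer "invalid user".
# The fifth line has an attacker-chosen username that tries to fake a source IP.
SAMPLE_LOG = """\
Apr 28 03:12:01 www sshd[2101]: Failed password for illegal user test from 203.0.113.7 port 40112 ssh2
Apr 28 03:12:04 www sshd[2103]: Failed password for illegal user guest from 203.0.113.7 port 40140 ssh2
Apr 28 03:12:07 www sshd[2105]: Failed password for invalid user admin from 203.0.113.7 port 40177 ssh2
Apr 28 03:12:09 www sshd[2107]: Failed password for root from 203.0.113.7 port 40201 ssh2
Apr 28 03:12:11 www sshd[2109]: Failed password for invalid user x from 192.0.2.1 port 22 ssh2 from 203.0.113.7 port 40230 ssh2
Apr 28 06:30:15 www sshd[2290]: Failed password for mike from 198.51.100.20 port 51515 ssh2
Apr 28 06:30:22 www sshd[2290]: Accepted password for mike from 198.51.100.20 port 51515 ssh2
"""

# Greedy user group plus the end-of-line anchor means the LAST " from <ip> port"
# on the line is used, which is the part sshd itself wrote.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?:invalid|illegal) user )?"
    r"(?P<user>.*) from (?P<ip>\S+) port \d+ ssh2$"
)

def summarize_failures(log_text):
    """Return {ip: {"attempts": n, "users": set_of_usernames}}."""
    stats = defaultdict(lambda: {"attempts": 0, "users": set()})
    for line in log_text.splitlines():
        m = FAILED.search(line.rstrip())
        if m:
            entry = stats[m.group("ip")]
            entry["attempts"] += 1
            entry["users"].add(m.group("user"))
    return dict(stats)

def hammering_sources(log_text, min_attempts=3, min_users=3):
    """IPs that failed often AND tried many different usernames (assumed thresholds)."""
    return sorted(
        ip for ip, s in summarize_failures(log_text).items()
        if s["attempts"] >= min_attempts and len(s["users"]) >= min_users
    )

if __name__ == "__main__":
    for ip, s in summarize_failures(SAMPLE_LOG).items():
        print(ip, s["attempts"], sorted(s["users"]))
    print("hammering:", hammering_sources(SAMPLE_LOG))
```

A single mistyped password from a legitimate user, like the `mike` line here, stays below both thresholds and is not flagged.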