[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: sshd port config and security

On Friday 06 April 2001 17:31, Vinh Truong wrote:
> I have sshd set up on my machine at home.  Instead of the default
> port 22, I uninstalled telnetd and run sshd on 23.  I do this mostly
> because I want to ssh into my machine from work where they don't open
> port 22 on the firewall.
>  They do however allow telnet to the
> outside.

They allow telnet and not ssh? Nice!

> I have commented out everything in inetd.conf,

So you can turn it off.

> set up
> hosts.allow / hosts.deny so that only specific ips can connect.  I
> made sure using netstat -an that only port 23 was open.  I set up my
> hardware firewall to block all requests except for ones coming on 23.
>  For those, it is redirecting to my debian machine.  I configured
> sshd to allow only RSA key
> authentication and disabled root login.  I also increased the host
> key size to 1024.
> Is there anything else I can do to harden my setup, either on the
> firewall or on the server?

What about portmap? You can turn it off either and filter port 25 if 
you have a mail daemon running. In fact, you can drop all external tcp 
connections to ports below 1024 (except 23), and drop all SYN 
connections to ports above 1024. You can also filter ICMP. Check 
gShield (http://linuxmafia.org/~godot/gshield.html): it has very 
restrictive rules.


Reply to: