Re: security advice wanted for home server

[Dmitry Nedospasov <russo091@gmail.com>]

I would use public key and fail2ban

D.

On Feb 27, 2009, at 14:05 , Tom Allison wrote:

> Better to use public/private key authentication than to rely on  
> passwords.
>
> On Feb 27, 2009, at 7:41 AM, Sébastien NOBILI  
> <sebnewsletter@free.fr> wrote:
>
> > Le vendredi 27 février 09 à 10:43, andy baxter a écrit :
> > > I can make sure that the server doesn't have any incoming ports open
> > > except http and ssh)
> >
> > I would use another port than 22 for the SSH. If your machine's  
> > ports are
> > being scanned and it appears port 22 is open, then you'll probably  
> > have a
> > lot of brute-force attacks to SSH.
> > Personally, I redirected on my router a high port number (1234, for
> > example) to port number 22 of my home server. No more brute-force  
> > attacks.
> >
> > Just in case you didn't think about it, restrict SSH access to  
> > certain
> > users, in /etc/ssh/sshd_config :
> >   PermitRootLogin no
> >   AllowUsers your_login
> >
> > > andy.
> >
> > Seb
> >
> >
> > --
> > To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
> > with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
>
> --
> To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org