
Re: security advice wanted for home server



Sébastien NOBILI wrote:
> On Friday 27 February 09 at 10:43, andy baxter wrote:
>> I can make sure that the server doesn't have any incoming ports open except http and ssh)
>
> I would use a port other than 22 for SSH. If your machine's ports are
> being scanned and it appears port 22 is open, then you'll probably have a
> lot of brute-force attacks against SSH.

Is there any reason to do this given that I'm not planning to log in by
ssh from outside my local network? The only ports I'm thinking of
opening on the router's firewall are http and the port used by
bittorrent (I want to run torrentflux on the NSLU2, which is a web-based
bittorrent client).

> Personally, I redirected on my router a high port number (1234, for
> example) to port number 22 of my home server. No more brute-force attacks.
>
> Just in case you didn't think about it, restrict SSH access to certain
> users, in /etc/ssh/sshd_config:
>     PermitRootLogin no
>     AllowUsers your_login

I've done PermitRootLogin; thanks for mentioning the other one. I was
also trying:

ListenAddress 10.0.0.3

But this seemed to prevent even 10.0.0.3 from logging in, after a
'/etc/init.d/ssh restart'

Would ListenAddress 10.*.*.* (or 10.*) work?

Incidentally, at the moment, with only a base system installed, these
are the TCP/IP ports that are open:

dolphin:/etc/ssh# netstat -atu
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 *:ssh                   *:*                     LISTEN
tcp        0      0 dolphin.localnet:ssh    10.0.0.3:58300          ESTABLISHED
tcp        0      0 dolphin.localnet:ssh    10.0.0.3:37295          ESTABLISHED
dolphin:/etc/ssh#


andy
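A small audit of the sshd_config settings discussed in this thread (PermitRootLogin, AllowUsers, and whether a ListenAddress value is something sshd can actually bind), added here as an example and not part of the original message; the sample config fragments and the 10.0.0.1 server address are constructed.

```python
import ipaddress

def parse_sshd_config(text):
    """Return (keyword, value) pairs, keywords lower-cased; '#' starts a comment."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            entries.append((parts[0].lower(), parts[1].strip()))
    return entries

def check_listen_address(value):
    """Return a finding for a ListenAddress value, or None if it is a concrete IP.

    sshd accepts 'addr', 'addr:port' or '[v6addr]:port'. It does not accept
    shell-style wildcards such as 10.*; a hostname is accepted but is only
    resolved at startup, so it is reported for confirmation."""
    host = value
    if host.startswith("[") and "]" in host:      # [IPv6]:port form
        host = host[1:host.index("]")]
    elif host.count(":") == 1:                    # IPv4:port form
        host = host.split(":", 1)[0]
    if any(ch in host for ch in "*?"):
        return "ListenAddress %r is a wildcard pattern; sshd needs one concrete address per line" % value
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return "ListenAddress %r is not an IP literal; confirm it resolves to the server's own address" % value
    return None

def audit_sshd_config(text):
    """Apply the three checks from the thread; an empty list means all pass."""
    findings, values = [], {}
    for key, val in parse_sshd_config(text):
        values.setdefault(key, []).append(val)
    root = values.get("permitrootlogin", ["(unset)"])[0]   # sshd uses the first value given
    if root.lower() != "no":
        findings.append("PermitRootLogin is %s, expected 'no'" % root)
    if "allowusers" not in values:
        findings.append("AllowUsers is unset, so every local account may log in over SSH")
    for addr in values.get("listenaddress", []):
        finding = check_listen_address(addr)
        if finding:
            findings.append(finding)
    return findings

# Constructed samples: the settings the thread discusses, including the wildcard attempt.
SAMPLE_WEAK = "PermitRootLogin no\nListenAddress 10.*.*.*\n"
SAMPLE_OK = "PermitRootLogin no\nAllowUsers andy\nListenAddress 10.0.0.1\n"  # assumed server address

if __name__ == "__main__":
    for f in audit_sshd_config(SAMPLE_WEAK):
        print("finding:", f)
```

Run it against a copy of /etc/ssh/sshd_config to see the same three checks applied to a real file; the address bound by ListenAddress must be one of the server's own interface addresses, not a client's.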

