
Re: How can I secure a Debian installation?



On Mon, 27 Jan 2014 23:51:01 -0800
Jon Danniken <danniken@q.com> wrote:

> On 01/27/2014 09:41 PM, Scott Ferguson wrote:
> >
> > Keep updated, subscribe to the security list, read and follow the
> > fine manual:-
> > https://www.debian.org/doc/manuals/securing-debian-howto/
> 
> Thanks Scott, that's just what I was looking for.
> 

And so was Raffaele's reply. If you will be using ssh from outside, set
up keys and disable the use of passwords. Use a good password or phrase
on the private key, and keep it on a USB stick away from the laptop.
Laptops are easy to lose. If you need to use Windows, then make the
keys in PuTTY, because as far as I know, PuTTY still can't use OpenSSH
private keys but can make public ones.

My recommendation would be to run sshd on a high port number. Before the
usual chorus jumps in, I know *that* *does* *not* *improve* *security*,
but it certainly gives you cleaner log files. Though over a number of
years, I've had vastly more attempts to connect to port 22 than
full-spectrum port scans (in fact I've never had one of the latter) and
I am forced to conclude that in my personal case, it *does* improve
security. But put your trust in good keys, the bots are all looking to
do password attacks.

-- 
Joe
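
The advice in the message above (key-only logins, sshd off port 22) can be checked against an sshd_config; this is an added example, not part of the original post. It assumes a single config file with no Include directives, and the sample configs, port number and address range are constructed.

```python
# Added example: audit sshd_config text for the post's advice (keys only, non-default port).
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
# OpenSSH built-in defaults, used when the file does not set a keyword.
DEFAULTS = {"passwordauthentication": "yes", "kbdinteractiveauthentication": "yes",
            "pubkeyauthentication": "yes"}

def parse(text):
    """Return (global settings, Match blocks); the first value of a keyword wins."""
    glob, matches, current = {"port": []}, [], None
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if key == "match":
            current = {"criteria": value}
            matches.append(current)
        elif key == "port" and current is None:
            glob["port"].append(value)      # Port may be given several times
        else:
            (glob if current is None else current).setdefault(key, value)
    return glob, matches

def audit(text):
    """Return findings; an empty list means the config follows the advice."""
    glob, matches = parse(text)
    findings = []
    effective = {k: glob.get(k, d).lower() for k, d in DEFAULTS.items()}
    if effective["pubkeyauthentication"] != "yes":
        findings.append("pubkeyauthentication is off: key logins will fail")
    for key in ("passwordauthentication", "kbdinteractiveauthentication"):
        if effective[key] != "no":
            findings.append(f"{key} is enabled globally")
        for block in matches:
            if block.get(key, "no").lower() != "no":
                findings.append(f"{key} re-enabled in Match {block['criteria']}")
    if "22" in (glob["port"] or ["22"]):
        findings.append("sshd listens on port 22")
    return findings

# Constructed sample configs (not from the post).
WEAK = "Port 22\nPubkeyAuthentication yes\n"
HARDENED = ("Port 49222\nPasswordAuthentication no\n"
            "ChallengeResponseAuthentication no\nPubkeyAuthentication yes\n")
# A later duplicate is ignored, but a Match block can still re-enable passwords.
OVERRIDE = HARDENED + ("PasswordAuthentication yes\n"
                       "Match Address 192.0.2.0/24\n  PasswordAuthentication yes\n")

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED), ("OVERRIDE", OVERRIDE)):
        print(name, audit(cfg) or "ok")
```

On a live host, `sshd -T` prints the effective configuration, including any included files, and is the authoritative check.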

