[colug-432] SSH
R P Herrold
herrold at owlriver.com
Thu Mar 10 08:51:05 EST 2011
On Wed, 9 Mar 2011, Richard Troth wrote:

> port. I hate it. There are other ways to defend. I may use one or
> more of them in the future (eg: maybe port knocking).

I find less cumbersome and better: fail2ban
which permits adding 'whitelist ranges' so that one does not
lock oneself out

and moving to certificate based authentication _only_ as to
external network access, totally disabling password based
access. See a hardening outline I wrote at:

http://www.pmman.com/usage/hardening/

I still need to write the last piece about the management of
the ssh_config file:

~/.ssh/config

but it solves almost all remaining secure authentication needs

-- Russ herrold
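
One way to verify the "no passwords from outside" setup described in the message above, added here as an example and not part of the original post or the linked outline. It assumes "certificate based" means OpenSSH public-key login; the function names, addresses and sample `sshd -T` output are constructed for illustration.

```shell
#!/bin/sh
# Assumed server setup (constructed for this example, not from the post):
#   PasswordAuthentication no
#   KbdInteractiveAuthentication no
#   Match Address 192.0.2.0/24          # internal range, passwords allowed
#       PasswordAuthentication yes
#
# On a real host, feed the function the effective settings for one client:
#   sshd -T -C user=alice,host=client.example,addr=203.0.113.10 | audit_sshd_effective

# Reads `sshd -T` style output (lowercase "keyword value" lines) on stdin.
# Prints one finding per line; returns 0 only when password and
# keyboard-interactive logins are off and public-key login is on.
audit_sshd_effective() {
    awk '
        $1 == "passwordauthentication" && $2 == "yes" {
            print "password login enabled"; bad = 1 }
        $1 ~ /^(kbdinteractive|challengeresponse)authentication$/ && $2 == "yes" {
            print "keyboard-interactive login enabled"; bad = 1 }
        $1 == "pubkeyauthentication" && $2 == "no" {
            print "public-key login disabled"; bad = 1 }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample: effective settings seen by an external client address.
sample_external() {
    cat <<'EOF'
port 22
pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication no
EOF
}

# Constructed sample: the same host as seen from inside 192.0.2.0/24,
# where the Match block turns password login back on.
sample_internal() {
    sample_external | sed 's/^passwordauthentication no$/passwordauthentication yes/'
}

# Demo: report both views without failing the script.
for net in external internal; do
    if findings=$("sample_$net" | audit_sshd_effective); then
        echo "$net: key-only"
    else
        echo "$net: $findings"
    fi
done
```

Keyboard-interactive is checked as well because, with PAM enabled, it can still prompt for a password even when `PasswordAuthentication` is `no`.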