[wellylug] Securing my ssh box
Jethro Carr
jethro.carr at jethrocarr.com
Wed Aug 23 10:16:27 NZST 2006
On Tue, 2006-08-22 at 22:28 +0100, Jim Cheetham wrote:
> On Tue, Aug 22, 2006 at 01:29:04PM +0100, Hong Chyr wrote:
> > I'm trying to secure my linux box, accessible via ssh by using public key
> > authentication. I read in an article that by enabling public key auth and
> > disabling password auth, it will secure the ssh access.

Public keys are more secure than passwords, PROVIDING that the keys are
kept secure. If the key gets compromised, your server is wide open.

If you connect to the web via a static IP, you should consider setting
the server to only permit that IP, and to drop traffic from all other
IPs to SSH. This is one of the easiest and more reliable security
changes you can make.

But it also has risk - if you screw it up, you could get locked out from
your server.

If you feel worried about that, when you are setting up your firewall,
make a cron job to reset it in 1 hour. That way, if you f*sk up, and get
locked out, an hour later, it will reset the firewall to the previous
state.

cheers,
--
Jethro Carr
www.jethrocarr.com
www.jethrocarr.com/index.php?page=cv/cv.php
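
The approach described in the message above (permit SSH from one static IP only, with a cron job that resets the firewall an hour later), as an added example that is not part of the original post. It assumes iptables with iptables-save/iptables-restore at /sbin, GNU date, SSH on TCP port 22 and root's crontab; the function names, the backup path and the documentation address 203.0.113.10 are hypothetical stand-ins.

```shell
#!/bin/sh
# Added example: restrict SSH to one source IP, with a timed rollback.
# Assumptions: iptables, GNU date, SSH on port 22, root's crontab.
# BACKUP path and all function names are hypothetical.
BACKUP=/root/iptables.before-ssh-lockdown

# Validate a dotted-quad IPv4 address; a typo here is how you lock yourself out.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    for octet in $1; do
        [ "$octet" -le 255 ] || { IFS=$old_ifs; return 1; }
    done
    IFS=$old_ifs
}

# Print the two rules: accept SSH from the allowed IP, drop it from all others.
ssh_rules() {
    valid_ipv4 "$1" || { echo "bad IPv4 address: $1" >&2; return 1; }
    echo "iptables -I INPUT 1 -p tcp --dport 22 -s $1 -j ACCEPT"
    echo "iptables -I INPUT 2 -p tcp --dport 22 -j DROP"
}

# Print a crontab line that restores the saved rules at the given epoch time.
# The line names a fixed date; delete it once you have confirmed access.
rollback_cron_line() {
    when=$(date -d "@$1" '+%M %H %d %m') || return 1
    echo "$when * /sbin/iptables-restore < $BACKUP"
}

# Apply for real (root only): save the current state, schedule the reset
# one hour ahead, and only then insert the new rules.
apply_lockdown() {
    rules=$(ssh_rules "$1") || return 1
    iptables-save > "$BACKUP" || return 1
    { crontab -l 2>/dev/null; rollback_cron_line "$(( $(date +%s) + 3600 ))"; } | crontab -
    echo "$rules" | sh
}

# Usage (as root): . ./lockdown.sh && apply_lockdown 203.0.113.10
```

Test the new rules from a second SSH session before closing the first one, then remove the rollback line with `crontab -e`.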