[kwlug-disc] Tightening up SSH

Johnny Ferguson hyperflexed at gmail.com
Mon Jul 19 09:40:41 EDT 2010


If I were to disallow remote root, would this also prevent me from using 
sudo?

I've set up my home desktop for wake-on-lan, and I like being able to 
shut it off too (which I think needs a sudo).

-Johnny

On 07/19/2010 08:55 AM, Dave Cramer wrote:
> On Mon, Jul 19, 2010 at 8:37 AM, Johnny Ferguson<hyperflexed at gmail.com>  wrote:
>> I'm relatively new to SSH, though I've come to love it very quickly.
>>
>> Recently I've been seeing a lot of activity in /var/log/auth.log (of the
>> sshd sort). Sometimes 5 straight hours of brute force attacks. I've
>> currently only whitelisted a single user. While I feel reasonably safe and
>> nothing has cracked yet, I live in constant fear of my account getting
>> cracked open, at which time it would take no more than:
>>
>> sudo rm -rf /
>>
>> SO, just wondering what advice anyone could offer on hardening SSH. I might
>> be a little paranoid, but I think it's still in the range of being healthy.
>>
>> -Johnny
>>
>
> paranoid level
>
> do not allow root login
> only allow ssh keys to login
>
> super paranoid
>
> the above plus
>
> do not allow remote root access
>
> Dave
>
> _______________________________________________
> kwlug-disc_kwlug.org mailing list
> kwlug-disc_kwlug.org at kwlug.org
> http://astoria.ccjclearline.com/mailman/listinfo/kwlug-disc_kwlug.org




More information about the kwlug-disc_kwlug.org mailing list