08-04-2004
Mark A. Odell
Re: Opening ports in my firewall

Joe <joe@jretrading.com> wrote in news:qwvtaNEIVAEBFw5e@jretrading.com:

>>>> I fall into this camp. I have a LinkSys firewall with all ports
>>>> shut down and set to timeout instead of reject. All except SSH
>>>> on port 22. How exposed am I? I see failed login attempts in
>>>> /var/log/messages almost daily. Should I be doing more to secure
>>>> my box (RH9)? I really like being able to ssh back home from work
>>>> so I'd rather leave the ssh port open.
>>>
>>> While you can't ever have perfect security without yanking out the
>>> modem/wireless/usb/whatever, it doesn't hurt to use additional
>>> defensive measures, i.e. "defense in depth".
>>
>>Agreed. So limiting open ports to just ssh is a step in the right
>>direction?
>
> Yes, certainly. While OpenSSH has had a few bugs in recent years, I
> believe none of them were remote exploits, i.e. someone has to get into
> a valid account first. If ssh is locked down, this should not be
> possible.
Excellent. I'm up2date on the ssh RPM so hopefully I'm okay.

>>Good question. My valid ssh connects are limited to a couple of domains
>>so I'll limit the acceptable domains to just those I know I use. I'll
>>have to read up on hosts.allow and how it pertains to incoming ssh.
>
> If you're allowing access to ssh only using iptables, as I would assume,
> you can also use iptables to limit the hosts allowed to connect. But use
> hosts.allow/deny as well. Finally, you can limit the users allowed to
> connect, in the sshd config file. Never allow root, and this has a
> separate config option.
I don't know if I am. I just enabled sshd and off I go. I'll attempt to
set hosts.deny to ALL:ALL and then allow the domains I trust via
hosts.allow. How would I check iptables in RedHat 9?

Thank you.

--
- Mark ->
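The sshd lockdown Joe describes (refuse root, list the allowed users, deny everything in hosts.deny and allow sshd only from trusted sources in hosts.allow), as an added example that is not part of this thread. PermitRootLogin and AllowUsers are real sshd_config keywords; the sample config, the trusted-source patterns and the mktemp paths are constructed for the demo, and the note about the historic PermitRootLogin default is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread: audit sshd_config for the settings
# discussed above and print matching tcp_wrappers rules.

# Effective value of a keyword: sshd uses the FIRST uncommented match.
sshd_effective() {  # usage: sshd_effective <config-file> <Keyword>
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ { next }                     # skip comment lines
        NF >= 2 && tolower($1) == key { print $2; exit }
    ' "$1"
}

# Return 0 only if root is refused AND the login user list is explicit.
sshd_audit() {  # usage: sshd_audit <config-file>
    root="$(sshd_effective "$1" PermitRootLogin)"
    users="$(sshd_effective "$1" AllowUsers)"
    # An absent PermitRootLogin meant "yes" in OpenSSH of that era
    # (assumption about the historic default): anything but "no" is a finding.
    [ "$root" = "no" ] || { echo "FINDING: PermitRootLogin is '${root:-unset}'"; return 1; }
    [ -n "$users" ] || { echo "FINDING: no AllowUsers line"; return 1; }
    echo "OK: root refused, logins limited to: $users"
}

# tcp_wrappers: deny everything, then allow sshd only from trusted sources.
# Patterns follow hosts_access(5): ".example.net" = domain suffix,
# "192.0.2." = address prefix (both constructed here).
wrappers_rules() {  # usage: wrappers_rules <pattern>...
    echo "# /etc/hosts.deny"
    echo "ALL: ALL"
    echo "# /etc/hosts.allow"
    printf 'sshd: %s\n' "$*"
}

# Constructed sample sshd_config (not a real host's file).
SAMPLE_CFG="$(mktemp)"
cat > "$SAMPLE_CFG" <<'EOF'
Port 22
#PermitRootLogin yes
PermitRootLogin no
AllowUsers mark
EOF

sshd_audit "$SAMPLE_CFG"
wrappers_rules .example.net 192.0.2.
# To see what the packet filter currently allows (needs root):
#   iptables -L INPUT -n --line-numbers
```

Run the audit against the real /etc/ssh/sshd_config instead of the sample file, and restart sshd after editing it; remember that hosts.allow only helps if sshd was built with tcp_wrappers support, which the Red Hat package of the time was.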