This is a discussion on Logins from the internet... within the Linux Security forums, part of the System Security and Security Related category.

I have 4 machines on my side of my router on a DSL pipe. On my local area network side, I want to be able to remotely log in to my linux box to do file transfers. Maybe later, to administer the linux box from another machine on the LAN. For now, I do not want any external access through my router to my linux box (IE, nothing from the InterNET). What are the settings that prevent such access to my linux box from malicious users who manage to hack their way through my router to the linux box?

I have edited my /etc/ssh/sshd_config file, enabling only the following 2 lines:

PasswordAuthentication yes
PermitRootLogin no

Does doing what I've done make me more vulnerable in any way to cyber attack? The way I understand it, {"PasswordAuthentication yes" allows you to login with a password instead of requiring an ssh key. #AND# "PermitRootLogin no" prevents root from logging in remotely.

My reason for making these mods was to allow remote logins to be performed from local window$ machines on my LAN - that's all I wanna allow.

I was able to use Putty psftp to ftp some files from window$ machine on LAN to linux box. I have yet to try pscp from the window$ box. I thought it necessary to make these mods before it would work. Am I right? Wrong? In danger???
On Tue, 22 Mar 2005 17:12:51 -0500, MLH wrote:

> The way I understand it, {"PasswordAuthentication yes" allows you to
> login with a password instead of requiring an ssh key. #AND#
> "PermitRootLogin no" prevents root from logging in remotely.

PasswordAuthentication defaults to yes, thus you could omit that.

> My reason for making these mods was to allow remote logins to be
> performed from local window$ machines on my LAN - that's all I wanna
> allow.

Then just don't forward any port in your router. (But maybe modify /etc/hosts.{allow,deny} to your liking too.)

> I was able to use Putty psftp to ftp some files from window$ machine on
> LAN to linux box. I have yet to try pscp from the window$ box. I thought
> it necessary to make these mods before it would work. Am I right? Wrong?
> In danger???

Well, I would worry (a hell of a lot) more about the security of your window$ boxen than the server-settings of the Linux one. Since any virus, worm or trojan those machines may well be infected with, will be able to keylog your login, or otherwise lift on connections you initiate from it.

-- 
-Menno.
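Added example, not part of the thread: a small Python model of how /etc/hosts.allow and /etc/hosts.deny are evaluated, to show what a LAN-only sshd rule set does to LAN and Internet source addresses. The 192.168.1.0/24 LAN, the sample file contents and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample files; the 192.168.1.0/24 LAN is an assumption.
HOSTS_ALLOW = "# LAN and loopback only\nsshd: 192.168.1. 127.0.0.1\n"
HOSTS_DENY = "ALL: ALL\n"

def parse(text):
    """Return [(daemon_list, client_list)] for each rule line."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        daemons, clients = line.split(":", 2)[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, ip):
    """IPv4 subset of the client patterns: ALL, dotted prefix, net/mask, exact."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):   # "192.168.1." is a textual prefix match
        return ip.startswith(pattern)
    if "/" in pattern:          # net/mask form, e.g. 10.0.0.0/255.0.0.0
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(ip) in net
    return ip == pattern

def file_matches(text, daemon, ip):
    return any((daemon in d or "ALL" in d)
               and any(client_matches(c, ip) for c in cl)
               for d, cl in parse(text))

def access_granted(daemon, ip, allow_text, deny_text):
    """hosts.allow is checked first, then hosts.deny; no match means allow."""
    if file_matches(allow_text, daemon, ip):
        return True
    if file_matches(deny_text, daemon, ip):
        return False
    return True

if __name__ == "__main__":
    for ip in ("192.168.1.20", "192.168.10.5", "203.0.113.5"):
        print(ip, access_granted("sshd", ip, HOSTS_ALLOW, HOSTS_DENY))
    # Without a hosts.deny entry the allow list restricts nothing:
    print("203.0.113.5", access_granted("sshd", "203.0.113.5", HOSTS_ALLOW, ""))
```

These files only affect sshd when it is built with libwrap; upstream OpenSSH removed that support in release 6.7, so check the build before relying on them.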