From: Heinz Sporn <heinz.sporn@sporn-it.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Reaching my network over the internet
Date: Mon, 17 Oct 2005 06:52:46 +0200 [thread overview]
Message-ID: <1129524766.10175.8.camel@spok.local.sporn-it.com> (raw)
In-Reply-To: <200510162127.23179.dnebinger@joat.com>
Am Sonntag, den 16.10.2005, 21:27 -0400 schrieb Dave Nebinger:
> On Sunday 16 October 2005 09:18 pm, Nick Rout wrote:
> > no, you just type:
> >
> > ssh my.network.com
> >
> > Depending on your setup you will probably need to set your
> > firewall/router to forward port 22 to the machine you want to log into.
> > Also make sure your ssh server is set up securely.
>
> This last statement really needs to be highlighted for all of the newbies out
> there...
>
> Just opening port 22 will expose your system to attempted break-ins. If you
> look at your authorize.log (or relevant log depending upon your syslog
> config), you'll see after a couple of days different systems accessing ssh an
> trying to log in as root and/or other users.
Just wanted to second that strongly. I'm hooking up firewalls to the net
pretty much on a daily base. The average time it takes until the first
random port scan hits a brand new box is 15 seconds - at least within
the areas my customers reside. BTW my highscore is 2 seconds ;-)
So running SSH on high-ports plus using RSA for me is pretty much a
must. Anyway - the preferred way to remotely access a box should be via
VPN IMHO.
>
> Unless you really feel comfortable with your own security infrastructure, your
> best bet is to edit your /etc/ssh/sshd_config file and change the port number
> to only something you'd think of in the higher range of port numbers.
>
> It will still be open, you'll still be able to hit the box from anywhere
> outside your network, but the different port number ensures that random port
> scans and breakin attempts will be significantly lower than if you just tried
> to use standard port #22.
--
Mit freundlichen Grüßen
Heinz Sporn
SPORN it-freelancing
Mobile: ++43 (0)699 / 127 827 07
Email: heinz.sporn@sporn-it.com
heinz.sporn@utanet.at
Website: http://www.sporn-it.com
Snail: Steyrer Str. 20
A-4540 Bad Hall
Austria / Europe
--
gentoo-user@gentoo.org mailing list
next prev parent reply other threads:[~2005-10-17 4:57 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-10-16 16:59 [gentoo-user] Reaching my network over the internet Grant
2005-10-16 17:16 ` [gentoo-user] " Gabriel M. Beddingfield
2005-10-16 18:01 ` Grant
2005-10-16 18:13 ` John Jolet
2005-10-16 20:44 ` Jonathan Wright
2005-10-17 0:32 ` John Jolet
2005-10-17 8:09 ` Jonathan Wright
2005-10-20 15:37 ` Grant
2005-12-29 23:23 ` Ryan Viljoen
2005-10-17 1:18 ` [gentoo-user] " Nick Rout
2005-10-17 1:27 ` Dave Nebinger
2005-10-17 2:21 ` Nick Rout
2005-10-17 4:52 ` Heinz Sporn [this message]
2005-10-17 8:03 ` Neil Bothwick
2005-12-29 17:28 ` Grant
2005-12-29 20:19 ` Stroller
2005-12-29 21:51 ` Robin
2005-12-29 22:30 ` Grant
2005-12-29 22:42 ` Stroller
2005-12-29 23:13 ` Grant
2005-12-29 23:18 ` Grant
2005-12-30 0:16 ` Stroller
2005-12-29 23:26 ` Ryan Viljoen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1129524766.10175.8.camel@spok.local.sporn-it.com \
--to=heinz.sporn@sporn-it.com \
--cc=gentoo-user@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox