On Fri, Oct 01, 2004 at 07:55:09PM -0400, Ralph Katz wrote: > Date: Fri, 01 Oct 2004 19:55:09 -0400 > From: Ralph Katz <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: Re: SSH Cracking Attempts > > On 10/01/04 03:30, Alexei Chetroi wrote: > ... > > > If you are desktop user, do you really need ssh access from > >everywhere? If you need access to your machine from home, for example, > >define IP range of your ISP in /etc/hosts.allow for ssh or shutdown sshd > >entirely. > > > Linux, with cool features like ssh, really spoils one! No, I don't need > it from everywhere, but my roving laptop users login from varying > locations. Since one of them provides my tech support on the rare > occasion when I need it, ssh is a nice feature to enable. Ok, if there're many locations, it could be difficuilt to update hosts.allow. (IMHO maintaining access to ssh from specific hosts/nets, is far better than allowing it from everywhere in case there's an unknown remote exploit in sshd).
In case there're no many users on your machine, make sure their passwords are strong enough, so it couldn't be guessed. Or disallow password login, leaving only key based authentication. Or run sshd on port different from 22, I don't think those scaners scans entire port range for ssh. -- Alexei Chetroi -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
