Re: SSH safety

From: Leonard Isham (leonard.isham_at_gmail.com)
Date: 11/14/04

  • Next message: Rick Meyer: "Core 3 Mirror want to test"
    Date: Sun, 14 Nov 2004 06:15:17 -0500
    To: For users of Fedora Core releases <fedora-list@redhat.com>
    
    

    On Sun, 14 Nov 2004 02:48:19 -0500 (EST), Tom Diehl <tdiehl@rogueind.com> wrote:
    > On Sun, 14 Nov 2004, J.L. Coenders wrote:
    >
    > > Hi,
    > > I was wondering how safe it is to open the ssh port up to the internet. I am
    > > behind a router which is firewalled to block all traffic, unless I open it up
    > > and route it to my computer. Is it safe to open ssh up to the internet, so I
    > > can run applications of my home computer over the internet?
    >
    > Depends on how paranoid you are. Every open port creates some risk. Generally
    > speaking ssh is fairly secure but there have been exploits found in it in the
    > past. As long as you keep things up2date you should be OK. You can as others
    > will suggest move the port ssh runs on to a non-standard port which means that
    > the scripts that run everyday looking for weak passwds and known exploits will
    > not know where to look. You can also disable root logins via ssh among other
    > things, depending on your level of paranoia.
    >
    > HTH,
    >
    > Tom

    There are a lot of script kiddies running automated brute force attacks
    against port 22. There is quite a long thread about this in the
    archives.

    *Do* disable root login.
    *Do* limit allowed login IDs
    *Do* use strong passwords
    *Do* keep your system updated to avoid any security vulnerabilities

    If you do get broken into:

    Check for rootkits and if one is found:
    Boot from a live CD or rescue CD
    Backup your *data only*
    Wipe the hard drive and do a clean install

    -- 
    Leonard Isham, CISSP 
    Ostendo non ostento.
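
Added example, not part of the original message: a small Python check that reads an sshd_config and reports which items from the list above (root login, limited login IDs) and from the quoted reply (non-standard port) are not in place. The sample configuration is constructed; the script only looks at the global section and does not follow Include files, which is an assumption of this sketch.

```python
import re

# Constructed sample configuration, not taken from any real host.
SAMPLE_CONFIG = """\
# sshd_config (constructed sample)
Port 22
permitrootlogin yes
# The next line has no effect: sshd keeps the first value it reads.
PermitRootLogin no
PasswordAuthentication yes

Match User backup
    PermitRootLogin no
"""

def parse_global(text):
    """Return {keyword: [values]} for the global section (before any Match)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()           # keywords are case-insensitive
        if key == "match":
            break                        # per-user overrides are out of scope
        value = parts[1].strip() if len(parts) > 1 else ""
        settings.setdefault(key, []).append(value)
    return settings

def audit(text):
    """Check the global settings against the checklist in the message."""
    cfg = parse_global(text)
    findings = []
    # For single-valued keywords the first occurrence wins.
    root = cfg.get("permitrootlogin", ["(unset)"])[0]
    if root.lower() != "no":
        findings.append(f"root login not disabled (PermitRootLogin {root})")
    if "allowusers" not in cfg and "allowgroups" not in cfg:
        findings.append("login IDs not limited (no AllowUsers/AllowGroups)")
    # Port may be given several times; sshd listens on 22 when it is absent.
    if "22" in cfg.get("port", ["22"]):
        findings.append("listening on default port 22")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

Strong passwords and patch level are not visible in sshd_config, so those two items from the list still need their own checks.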
    
