Re: [Fedora] Seeing input on Securing the Linux system from intrusions and attacks.



On Thu, 27 Dec 2007 11:10:47 -0800
"Daniel B. Thurman" <dant@xxxxxxxxx> wrote:

> Does anyone have any advice, links to great sites focused on security
> and how to secure your linux box against intrusions and attacks?

Well, what I'm doing is this:

1. My system is hooked to an external router/firewall combo with
only port 22 (sshd) open and forwarded to it.

2. My sshd_config file is set up to disable all forms of authentication
except for public key, and the only valid public key file is
encrypted on my system at work (with a passphrase only I know that
isn't written down anywhere).

3. My /etc/hosts.allow and /etc/hosts.deny files are set up so that
only the IP address of my work system (or the address it appears to
have after it gets through the corporate firewall) is allowed
to ssh in.

This winds up with a few lines like this appearing in the security
log every day:

sshd[14989]: refused connect from u16-159.static.grapesc.cz (::ffff:82.100.16.159)

Of course, this all works for me where I just want to be able to
get into my home system from work, and don't have a public server
I actually want folks to access. If I need anything more than ssh,
I can always use port forwarding through ssh to get to other things.

One other gimmick: Within my local network at home, I don't want such
restrictions as only public key, so with the latest sshd in Fedora 8,
I can use a "Match" directive to allow more kinds of authentication
within my local home network.

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
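
An added example, not part of the original message or the poster's own configuration: a small Python check that reads an sshd_config and reports which authentication methods a given source address would be offered, so the key-only default and the "Match" exception for the home network can be verified before sshd is restarted. The 192.168.1.0/24 LAN range and the sample config are assumptions, and only "Match Address" with plain addresses or CIDR ranges is handled.

```python
import ipaddress

# OpenSSH defaults for the three methods this sketch reports on.
DEFAULTS = {"pubkeyauthentication": "yes", "passwordauthentication": "yes",
            "challengeresponseauthentication": "yes"}

# Constructed config: key-only globally, passwords re-enabled via Match
# for an assumed home LAN of 192.168.1.0/24.
SAMPLE_CONFIG = """\
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no

Match Address 192.168.1.0/24
    PasswordAuthentication yes
"""

def parse(text):
    """Return (global settings, [(networks, settings)] for each Match block)."""
    global_cfg, blocks, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, value = (line.split(None, 1) + [""])[:2]
        if key.lower() == "match":
            crit, pattern = (value.split(None, 1) + [""])[:2]
            if crit.lower() != "address":
                raise ValueError("this sketch only handles 'Match Address'")
            nets = [ipaddress.ip_network(p, strict=False) for p in pattern.split(",")]
            current = {}
            blocks.append((nets, current))
        else:
            target = global_cfg if current is None else current
            target.setdefault(key.lower(), value.strip().lower())  # first value wins
    return global_cfg, blocks

def allowed_auth(text, client_ip):
    """Authentication methods set to 'yes' for a client at client_ip."""
    global_cfg, blocks = parse(text)
    addr = ipaddress.ip_address(client_ip)
    addr = getattr(addr, "ipv4_mapped", None) or addr  # ::ffff:a.b.c.d -> a.b.c.d
    cfg = {}
    for nets, settings in blocks:  # matching Match blocks override the globals
        if any(addr in net for net in nets):
            for k, v in settings.items():
                cfg.setdefault(k, v)  # first matching block wins per keyword
    merged = {**DEFAULTS, **global_cfg, **cfg}
    return sorted(k for k in DEFAULTS if merged[k] == "yes")
```

Calling `allowed_auth(SAMPLE_CONFIG, "::ffff:82.100.16.159")` with the address form seen in the log line above shows what an outside client is offered, while an address inside the assumed LAN range shows the relaxed set.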


