Re: OT-ish F9 Laptop\USB-Stick CentOS5.x Server SSH Access
- From: edik077@xxxxxxxxx
- Date: Sat, 30 Aug 2008 06:36:55 -0700
If you followed the default installation and set up the firewall. It
will only allow ssh & other services that you have configured. If you
set up this box as http server it should have enabled that as well. I
would advise you to run:
iptables -L # to see what is allowed or not
If you have other ports open that you don't need, run:
service-config-securitylevel or system-config-securitylevel-tui #this
will allow you to do it on an easy prompt driven way if you don't want
to create a script with iptables commandns on it that you can modify
as you wish and reload accordingly as I do on my boxes
regards
On Sat, Aug 30, 2008 at 4:04 AM, Tim <ignored_mailbox@xxxxxxxxxxxx> wrote:
On Sat, 2008-08-30 at 09:59 +0100, Frank Murphy wrote:
I mean only allow ssh access from those two scenarios,
my laptop + an F9 usb-stick.
because there are attempts by "fluffy" and other(s) to access the box.
Well, if your own computers are from fixed IPs, you can set those into a
list of IPs allowed to connect. However, that doesn't stop someone else
who's able to get the same IP from trying.
Good passwords, and only using the newer SSH2 protocol, makes it damn
hard for anyone else to get in. They can try, and that's about it.
Something like fail2ban will automatically firewall off someone who
tries and fails, so they don't get to try again. There's a few of those
sort of things, which will auto-blacklist addresses for a while. It
could be a permanent blacklist, but you'd only want to do that if there
was no chance of accidentally locking yourself out.
Look into finding and using fail2ban. I think that's your best way to
handle it.
--
[tim@localhost ~]$ uname -r
2.6.25.14-108.fc9.i686
Don't send private replies to my address, the mailbox is ignored. I
read messages from the public lists.
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
--
Ed Landaveri
GNU/Linux User 433512
http://counter.li.org
"Free as in Freedom"
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
- References:
- OT-ish F9 Laptop\USB-Stick CentOS5.x Server SSH Access
- From: Frank Murphy
- Re: OT-ish F9 Laptop\USB-Stick CentOS5.x Server SSH Access
- From: Tim
- Re: OT-ish F9 Laptop\USB-Stick CentOS5.x Server SSH Access
- From: Frank Murphy
- Re: OT-ish F9 Laptop\USB-Stick CentOS5.x Server SSH Access
- From: Tim
- OT-ish F9 Laptop\USB-Stick CentOS5.x Server SSH Access
- Prev by Date: Re: Ping KDE users
- Next by Date: Re: Linksys WRT54G2
- Previous by thread: Re: OT-ish F9 Laptop\USB-Stick CentOS5.x Server SSH Access
- Next by thread: Re: OT-ish F9 Laptop\USB-Stick CentOS5.x Server SSH Access
- Index(es):
