[CentOS] Securing SSH

Tue Mar 25 18:59:59 UTC 2008
David Mackintosh <David.Mackintosh at xdroop.com>

On Tue, Mar 25, 2008 at 11:28:45AM -0700, Tim Alberts wrote:
> >http://wiki.xdroop.com/space/Linux/Limited+SSH+Access
> >  
> That sounds great for getting around a remote dynamic IP address, but 
> some more authentication/security on that web page is necessary, 
> otherwise, anyone who finds that web page is given access?

Strictly speaking, yes; however in practice, the number of bots (or,
indeed, external users who are not me) who the magic web page to hit
(my actual page is not named as the example on the web page is!)
before attacking the ssh connection is zero; therefore since the goal
was to prevent stupid robots from brute-forcing my ssh and filling my
logs, it isn't necessary.  

I mean, strictly speaking you'd next have to insist on a proper SSL
connection to the web server, otherwise you are at risk of someone
sniffing the username and password used in the .htaccess process. 
And then after that, you'd have to insist on some kind of security on
the remote system to ensure that your passwords are not being
captured.  Etc, etc.  

-- 
 /\oo/\
/ /()\ \ David Mackintosh | 
         dave at xdroop.com  | http://www.xdroop.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.centos.org/pipermail/centos/attachments/20080325/a6f2e453/attachment-0005.sig>