[CentOS] securing a remotely hosted machine

Sun Aug 22 17:04:55 UTC 2010
Robert Spangler <mlists at zoominternet.net>

On Friday 20 August 2010 10:55, Brunner, Brian T. wrote:

> 2: Log-ins through firewall allowed only from approved IPs/MACs
> regardless of possession of correct password.

One can never guarantee that they will be a at the approved IP/MAC Address 
when issues arise.  For this reason I would use SSH-Keys for access to the 
machine.  I would also move the port to something other then the default port 
and block 22 at the firewall.  After that I would run something like fail2ban 
and drop any IP Address that fails to log in on the new port should that port 
be discovered by unauthorized persons.


-- 

Regards
Robert

Linux
The adventure of a life time.

Linux User #296285
Get Counted
http://counter.li.org/