Koozali.org: home of the SME Server

Remote access

David

Remote access
« on: December 04, 2000, 07:22:47 PM »
I have a few questions I've been wondering about for a few days. I have SSH (telnet) set up. Should I really have access to ROOT from SSH remote? What is to stop anyone else from running a SSH telnet application and trying to gain access to my machine this way?

As well, with FTP and the login of ADMIN, I've looked at my log files and I've seen someone attempt to gain access to my ADMIN account via FTP. Now, if they got in or not I have no idea, since the log file doesn't really say if they did get access. Is there any way to stop this? The only time I would want access to this FTP account and SSH to root is if it's from me, and the only time I would want to gain access remotely to my machine is if I'm at work. I have a fixed IP address at work, so is there any way to build an IPCHAIN rule to limit such connections?

noah genner

RE: Remote access
« Reply #1 on: December 04, 2000, 08:24:45 PM »
David,
These are all pretty big issues. There are many things you can do to configure ssh to be "more" secure. You might want to check out the OpenSSH pages (www.openssh.com) for some information. I for one stop ssh from accepting root logins. This is of debatable merit, but it does give me peace of mind.
You might also want to read up on generating public/private keys using ssh. There is lots of info on the net, but you can start here: http://www.tac.nyc.ny.us/~kim/ssh/

Good luck.
Noah

David

RE: Remote access
« Reply #2 on: December 05, 2000, 02:24:16 AM »
Thanks, I'll take a look at those webpages. But I think I found another way around this problem.
I found my new 'unix/linux' command for the day. Doing a search for SSH and HOSTS.ALLOW I found a webpage talking about this command.

tcpdmatch ssh yahoo.com

This then tests the hosts.allow to see if any connection from the IP (or host name) will be allowed. So what I've been able to do is create a new rule in hosts.allow to ONLY allow ssh connections from my work's IP, and of course my internal IPs.
I can now rest a little easier, since I may have stopped access to my machine via ssh to a point.

I also installed Abacus's "Sentry", so let's see how many people it stops from scanning my system.
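
A hosts.allow entry only restricts access when hosts.deny refuses everyone else, because a client that matches neither file is granted access. The sketch below is an added example, not part of the thread and not tcpd's own code: a simplified, IPv4-only model of the hosts.allow / hosts.deny lookup order that a tcpdmatch test exercises. The addresses are constructed, and the daemon name sshd is an assumption.

```python
import ipaddress

# Constructed sample files: 203.0.113.10 stands in for the fixed work IP,
# 192.168.1. for the internal network. The daemon name "sshd" is assumed.
ALLOW = """
sshd : 203.0.113.10     # work
sshd : 192.168.1.       # internal network (address prefix form)
"""
DENY = "sshd : ALL\n"

def parse_rules(text):
    """Return (daemons, clients) pairs from 'daemon_list : client_list' lines."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments and blanks
        if ":" not in line:
            continue
        daemons, clients = (p.strip() for p in line.split(":")[:2])
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, ip):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):                     # "192.168.1." prefix match
        return ip.startswith(pattern)
    if "/" in pattern:                            # net/mask form
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(ip) in net
    return pattern == ip                          # exact address

def matches(rules, daemon, ip):
    return any((daemon in d or "ALL" in d)
               and any(client_matches(p, ip) for p in c)
               for d, c in rules)

def access(allow_text, deny_text, daemon, ip):
    """Lookup order: hosts.allow match grants, hosts.deny match denies, else grant."""
    if matches(parse_rules(allow_text), daemon, ip):
        return "granted"
    if matches(parse_rules(deny_text), daemon, ip):
        return "denied"
    return "granted"

if __name__ == "__main__":
    for ip in ("203.0.113.10", "192.168.1.25", "198.51.100.7"):
        print(ip, access(ALLOW, DENY, "sshd", ip))
    # Same allow file with an empty hosts.deny: the outside address gets in.
    print("198.51.100.7 (no deny rule)", access(ALLOW, "", "sshd", "198.51.100.7"))
```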

Jeremy Rector

RE: Remote access
« Reply #3 on: December 06, 2000, 04:19:59 AM »
Did you set your home static IP to be treated as a local network, and keep all access (telnet, ftp) private?  This seems to be working fine for me.