Re: FC6 VPN

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Jim Douglas wrote:

> VPN w/ SSH is overkill I think, all I need is to securely access a remote 
> box...from Windows Client -> Linux Server.

Very often that will involve PuTTY. PuTTY also makes tunnelling very
easy, and is a *very* good terminal emulator.

> I think I found the answer,
> http://freenx.berlios.de/
>
> I have SSH up and running, anyone have any good links to securing my SSH 
> configuration?

1. Stick to SSH 2 (in /etc/ssh/sshd_config, use the Protocol keyword)
2. Set up private keys and disable password-based logins
3. Changing the port that SSH listens on will not deter a determined
   attacker, but may help you work out that you've got a determined
   attacker.
4. Make sure you run yum update regularly.
5. Use AllowUsers or AllowGroups to limit which users can log on
   remotely. Don't allow direct root logins -- get users to login as
   themselves and su - (this means attackers have to work out which
   usernames are valid).
6. If you must use passwords, make sure they're not dictionary words and
   include at least one (better, several) numbers or symbols.
7. Distribute the server public keys via trusted networks -- don't trust
   the client's ability to "learn" the server's key when it first
   connects, since you don't know that the remote computer really *is*
   your server.

But really, there's not much securing needed with SSH. It's only really
vulnerable to a security bug at either end, a dictionary attack, a
man-in-the-middle attack during the first connection, or some new,
unknown mathematics.

Hope this helps,

James.

-- 
E-mail:     james@ | For every complex problem, there is a solution that is
aprilcottage.co.uk | simple, neat, and wrong.

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux