Best practices for securing SSH server
Jeff Laine
wtf.jlaine at gmail.com
Tue Jun 23 06:18:53 UTC 2009
On Mon,06/22/09 [21:16:35], Daniel Underwood wrote:
> On a BSD box at work (at an extremely fast connection and static IP),
> I run an SSH server. I am the only person who uses the server, but I
> use it from some locations that are behind a dynamic IP (so I can't
> set pf rules to filter by IP). I will always, however, use the same
> laptop to connect to the server. Due to the speed and location of the
> connection, it's a relatively high-risk target.
>
> What are some good practices for securing this SSH server? Is using a
> stored key safer than a password in this instance? I have no
> experience with port-knocking, but I'd appreciate some tips or
> suggested beginning references... I welcome any and all advice.
>
> Note: I do require X11 forwarding (not sure whether that's relevant information)
>
> TIA,
> Daniel
To block bruteforce probes on ssh I use pf with its great function 'max-src-conn-rate'.
man pf.conf provides some useful hints.
--
Best regards,
Jeff
| "Nobody wants to say how this works. |
| Maybe nobody knows ..." |
| Xorg.conf(5) |