1 |
Pe data de Luni 06 Decembrie 2004 23:42, Luigi Pinna a scris: |
2 |
> Alle 22:28, lunedì 06 dicembre 2004, Adrian CAPDEFIER ha scritto: |
3 |
> > is he doing that using ssh? If your computer is not a public server |
4 |
> > where people expect to connect on port 22 then you can alter the port |
5 |
> > to say 2222. One of the best security measures around :). You could |
6 |
> > also disable password logins and go for key-based authentification |
7 |
> > (assuming this doesn't restrict you in some way) |
8 |
> > |
9 |
> > Good luck. |
10 |
> > |
11 |
> > Adi. |
12 |
> |
13 |
> No, my computer is not a public server, I can change the listen port; |
14 |
> I'd use key and password: usually I connect from the same machine. |
15 |
> I want to do that: a rda key from the host allows to connect to the ssh |
16 |
> server and after the usual authentication. |
17 |
> Now I try to install a firewall and after that I'd do that. |
18 |
> Is it complicated? |
19 |
> In this moment I try to learn about firewall-kernel-2.6 modules... |
20 |
> Thanks, |
21 |
> Luigi |
22 |
|
23 |
A firewall is a must for every putter connected to the Internet IMO. If you |
24 |
install one you can allow access on port 22 to only some hosts and deny to |
25 |
everyone else (or the other way arround). |
26 |
Alternatively if you're feeling devilish and bored you could also install a |
27 |
traffic shaper and make the incomming speed on port 22 (except for some |
28 |
hosts) to 1B/s >:) |
29 |
|
30 |
If you want I can e-mail to you a version of my script used for neghibourhood |
31 |
routing that I use to protect my personal computer. |
32 |
|
33 |
Adi. |
34 |
|
35 |
-- |
36 |
gentoo-user@g.o mailing list |