Louis K on 26 Jul 2017 06:08:23 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[PLUG] SSH Hardening : Request for Best Practices

I'm in the process of hardening an ssh server on my home network I plan on exposing so I can access it remotely. I've configured a number of typical hardening approaches (non standard port, disable root login, require keys, limit to single user). 

I'd love to hear people's general recommendations for best practices, and have two specific questions:
*  I'm considering adding two factor auth in addition to the ssh keys. Is this overkill? I think in that case the 2-factor-auth really only protects me against someone getting my key (i.e., stealing my laptop and sshing in), which I _think_ is unlikely. 
* I'm going to configure sshgaurd, but but haven't decided on which firewall to use yet. I'm not super passionate about firewalls so simplicity is key. What are your opinions on pf vs ipfw vs iptables?

Thanks in advance!

Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug