| Robert on 26 Jul 2017 07:22:02 -0700 |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
| Re: [PLUG] SSH Hardening : Request for Best Practices |
On 07/26/2017 09:07 AM, Louis K wrote: > I'm in the process of hardening an ssh server on my home network I > plan on exposing so I can access it remotely. I've configured a number > of typical hardening approaches (non standard port, disable root > login, require keys, limit to single user). > > I'd love to hear people's general recommendations for best practices, > and have two specific questions: > * I'm considering adding two factor auth in addition to the ssh keys. > Is this overkill? I think in that case the 2-factor-auth really only > protects me against someone getting my key (i.e., stealing my laptop > and sshing in), which I _think_ is unlikely. Add a passphrase to your keys then you don't have to worry about someone getting a hold of it and using it. > * I'm going to configure sshgaurd, but but haven't decided on which > firewall to use yet. I'm not super passionate about firewalls so > simplicity is key. What are your opinions on pf vs ipfw vs iptables? I'm a fan of IPTABLES so my comment here is biased. :) -- Regards, Robert Smile, it increases your face value......... ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug