Robert on 26 Jul 2017 07:22:02 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] SSH Hardening : Request for Best Practices

On 07/26/2017 09:07 AM, Louis K wrote:
> I'm in the process of hardening an ssh server on my home network I
> plan on exposing so I can access it remotely. I've configured a number
> of typical hardening approaches (non standard port, disable root
> login, require keys, limit to single user). 
> I'd love to hear people's general recommendations for best practices,
> and have two specific questions:
> *  I'm considering adding two factor auth in addition to the ssh keys.
> Is this overkill? I think in that case the 2-factor-auth really only
> protects me against someone getting my key (i.e., stealing my laptop
> and sshing in), which I _think_ is unlikely. 

Add a passphrase to your keys then you don't have to worry about someone
getting a hold of it and using it.

> * I'm going to configure sshgaurd, but but haven't decided on which
> firewall to use yet. I'm not super passionate about firewalls so
> simplicity is key. What are your opinions on pf vs ipfw vs iptables?

I'm a fan of IPTABLES so my comment here is biased. :)



Smile, it increases your face value.........

Philadelphia Linux Users Group         --
Announcements -
General Discussion  --