brent timothy saner on 26 Jul 2017 10:25:58 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] SSH Hardening : Request for Best Practices

On 07/26/2017 09:07 AM, Louis K wrote:
> I'm in the process of hardening an ssh server on my home network I plan
> on exposing so I can access it remotely. I've configured a number of
> typical hardening approaches (non standard port, disable root login,
> require keys, limit to single user). 
> I'd love to hear people's general recommendations for best practices,
> and have two specific questions:
> *  I'm considering adding two factor auth in addition to the ssh keys.
> Is this overkill? I think in that case the 2-factor-auth really only
> protects me against someone getting my key (i.e., stealing my laptop and
> sshing in), which I _think_ is unlikely. 
> * I'm going to configure sshgaurd, but but haven't decided on which
> firewall to use yet. I'm not super passionate about firewalls so
> simplicity is key. What are your opinions on pf vs ipfw vs iptables?
> Thanks in advance!
> Lou

conveniently, i mirror an article for just this purpose.

and you can find it in a python script (without the Tor stuff) here:

Attachment: signature.asc
Description: OpenPGP digital signature

Philadelphia Linux Users Group         --
Announcements -
General Discussion  --