Re: [PLUG] SSH Hardening : Request for Best Practices

brent timothy saner on 26 Jul 2017 10:25:58 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] SSH Hardening : Request for Best Practices

From: brent timothy saner <brent.saner@gmail.com>
To: plug@lists.phillylinux.org
Subject: Re: [PLUG] SSH Hardening : Request for Best Practices
Date: Wed, 26 Jul 2017 13:25:45 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:from:openpgp:message-id:date:user-agent :mime-version:in-reply-to; bh=6WHbZMuktLPKmn6UWWvJexcrgqsnYO7YJURWDO21xp4=; b=hz1TrhAvi3nDt48JMzsxinkWKzFNjIQLQz2vxCd4kIuOew0zSNIhONI41IeuWfJKWz M1J6Jw9UgFbJlAX272yeGZ/8fkU3RUHJE8bhF6mXOKI/CEqiERF5EsXMCs0C0vs+nvWw FDryk4ldx/2bz5S2dWgrn8mX55K1deL6VHqhLpoxqmlHBpWD5Eix3N+BB0f71ZG9jNKP 8LToyQ1nyrl85Ex+e/ll9rl7rgi+T2mYfIJwEamcCmjtxwCPnUoVu1tRZ7+9UVul66ei YS94Iiv2z3Mndniixlav2tGPfi8v876QfbgR9JheDYE7lCHqpbV91COoncLQAqS23vVf V1Xg==
Openpgp: id=748231EBCBD808A14F5E85D28C004C2F93481F6B
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: "plug" <plug-bounces@lists.phillylinux.org>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1

On 07/26/2017 09:07 AM, Louis K wrote:
> I'm in the process of hardening an ssh server on my home network I plan
> on exposing so I can access it remotely. I've configured a number of
> typical hardening approaches (non standard port, disable root login,
> require keys, limit to single user). 
> 
> I'd love to hear people's general recommendations for best practices,
> and have two specific questions:
> *  I'm considering adding two factor auth in addition to the ssh keys.
> Is this overkill? I think in that case the 2-factor-auth really only
> protects me against someone getting my key (i.e., stealing my laptop and
> sshing in), which I _think_ is unlikely. 
> * I'm going to configure sshgaurd, but but haven't decided on which
> firewall to use yet. I'm not super passionate about firewalls so
> simplicity is key. What are your opinions on pf vs ipfw vs iptables?
> 
> Thanks in advance!
> 
> Lou
> 

conveniently, i mirror an article for just this purpose.

https://sysadministrivia.com/news/hardening-ssh-security

and you can find it in a python script (without the Tor stuff) here:
https://aif.square-r00t.net/cfgs/scripts/post/sshsecure.py

Attachment: signature.asc
Description: OpenPGP digital signature

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:
- Re: [PLUG] SSH Hardening : Request for Best Practices
  - From: Joe Rosato <rosatoj@gmail.com>

References:
- [PLUG] SSH Hardening : Request for Best Practices
  - From: Louis K <louis.kratz@gmail.com>

Prev by Date: Re: [PLUG] SSH Hardening : Request for Best Practices
Next by Date: Re: [PLUG] SSH Hardening : Request for Best Practices
Previous by thread: Re: [PLUG] SSH Hardening : Request for Best Practices
Next by thread: Re: [PLUG] SSH Hardening : Request for Best Practices
Index(es):
- Date
- Thread