Slack 13.37 - Securing the SSH & SSHFS access from the outside
Hi all,
I've got a 13.37 server that's running just fine - I'm very happy with it, it's both my local proxy and development / testing platform.
I'm running into a problem: I'm working more and more often away from home on my laptop. Up until now I did not want to open the SSH access to the outside world, but it seems this is becoming necessary. Especially since I do all my file transfers through SSHFS (even locally, this is so easy to set up that I prefer it over Samba or NFS). So I have two security steps in mind:
1. I want to make sure only normal users - and maybe even just ONE particular user - can log in through SSH from the outside. Especially not root, obviously. As long as I can su at a later time, that's fine, and that's how it should be done anyway. But this, I should be able to figure out on my own I believe, this must be quite common.
2. I'd like to be notified by e-mail each time an SSH login is attempted. If I could get the user name & IP in the e-mail it'd even be better... And this is likely to be more tricky than the first task! Does anyone have an idea on how to do that?
In the meantime if you have any further ideas on how to make it even safer I'm interested...
Short answer:
Use a non-standard port. Port 22 is targeted by automated attack tools.
Use public key authentication. If only you have the key, it is unlikely that anyone will pick the lock.
Disable password logins and root access.
Do not bother with the email alerts. Unsuccessful attempts are not a problem. Successful logins are recorded in /var/log/messages.
In addition to the steps already mentioned, I use denyhosts (http://denyhosts.sourceforge.net/), which automatically blacklists IP addresses that try to break into your server.
Take a look at the messages log (grep ssh) and you will be amazed at how often your server is attacked. You definitely don't want an email every time.
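An added example, not part of any post in this thread: instead of one e-mail per attempt, the sketch below summarizes sshd authentication results from the log the replies point to, listing successful logins with user and IP and counting failures per source. The sample lines are constructed in the format OpenSSH's sshd writes to syslog; the host name, users and documentation-range addresses are made up.

```python
import re
import sys
from collections import Counter

# Constructed sample lines in the syslog format written by OpenSSH's sshd
# (host name, user names and documentation-range IPs are made up).
SAMPLE_LOG = """\
Mar  3 02:11:07 server sshd[2101]: Failed password for root from 203.0.113.7 port 51512 ssh2
Mar  3 02:11:09 server sshd[2101]: Failed password for root from 203.0.113.7 port 51512 ssh2
Mar  3 02:11:15 server sshd[2104]: Failed password for invalid user admin from 203.0.113.7 port 51630 ssh2
Mar  3 04:40:02 server sshd[2250]: Invalid user test from 198.51.100.23
Mar  3 04:40:04 server sshd[2250]: Failed password for invalid user test from 198.51.100.23 port 40022 ssh2
Mar  3 08:15:31 server sshd[2391]: Accepted publickey for alice from 192.0.2.44 port 60210 ssh2
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def summarize(log_text):
    """Return (accepted logins, failure count per IP, failure count per user)."""
    accepted, fail_ip, fail_user = [], Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not an sshd "Accepted ..." / "Failed ..." result line
        if m["result"] == "Accepted":
            accepted.append((m["ts"], m["user"], m["ip"], m["method"]))
        else:
            fail_ip[m["ip"]] += 1
            fail_user[m["user"]] += 1
    return accepted, fail_ip, fail_user

def report(log_text):
    accepted, fail_ip, fail_user = summarize(log_text)
    out = ["Successful SSH logins:"]
    out += [f"  {ts}  {user} from {ip} ({method})" for ts, user, ip, method in accepted]
    out.append("Failed attempts by source IP:")
    out += [f"  {n:4d}  {ip}" for ip, n in fail_ip.most_common()]
    out.append("Failed attempts by user name:")
    out += [f"  {n:4d}  {user}" for user, n in fail_user.most_common()]
    return "\n".join(out)

if __name__ == "__main__":
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    print(report(text))
```

Pass a log path such as /var/log/messages as the first argument to summarize a real log; with no argument it runs on the embedded sample.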
Ok thanks guys, I think with all this I should be able to get it right.
This is important as this is not exactly the kind of subject with which you can take the trial & error route...