Knockd
Hi,
I'm getting a lot of ssh break-in attempts on my Slackware box. Right now I have port 22 closed on my router to prevent a possible break-in, but I would like to keep it open for remote access. I've heard a lot of good things about knockd but I have a few questions before I go and set it up. The Slackware box I want to install it on is behind a D-Link router/firewall. Will I need to open up the ports in the knock sequence on the router? If so, is this a security risk? Could someone potentially scan the router's open ports and come up with my knock sequence? Thanks, Ryan
Not to dismiss Knockd as ineffective or useless, but I think you'd better start by tightening your sshd_config (no root, passphrases instead of passwords, only Protocol 2, only allowed users), then pick a tool from here: http://www.linuxquestions.org/questi...d.php?t=340366. *Then*, with all that in place, "play" with knockd.
But I have to echo the thoughts of the previous poster. Knockd is a defense that has certain advantages (prevents log spam, prevents "random" attacks, etc.) but it will not secure your computer for you. Do that FIRST. Knockd is a "convenience" that *improves* security of existing good setups. It does not *create* security for your computers.
Thank you for the responses,
I went and tightened up my sshd config (AllowedUsers, DeniedUsers, no root, etc.). I'm already using ssh2. I'll look into using passphrases instead of passwords. Hopefully, all of this will be enough. I guess I can live with some log spam, as long as they can't get in :) Thanks again, Ryan
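The replies above boil down to a short checklist for sshd_config: no root login, key-based authentication with passphrases instead of passwords, protocol 2 only, and an explicit allow-list of users. The following script is an added example, not code from the thread or from OpenSSH; it parses an sshd_config the way sshd does (first occurrence of a directive wins, everything after a `Match` line is conditional and ignored here) and reports which of those points are still open. The two config texts inside it are constructed samples. Note that the real directive names are `AllowUsers` and `DenyUsers`, which is what the poster's "AllowedUsers, DeniedUsers" refers to.

```python
"""Audit an sshd_config for the hardening points raised in the thread.

Added example, not part of the original thread. Directive names are real
OpenSSH sshd_config directives; the two sample configs are constructed.
"""

# Constructed sample: a stock-looking sshd_config before hardening.
WEAK_CONFIG = """
Port 22
Protocol 2,1
PermitRootLogin yes
PasswordAuthentication yes
UsePAM yes
"""

# Constructed sample: the same host after applying the thread's advice.
HARDENED_CONFIG = """
Port 22
Protocol 2
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
AllowUsers ryan
"""


def parse_sshd_config(text):
    """Return the effective global directives as {lowercased name: value}.

    Mirrors sshd's rules: comments and blank lines are skipped, both
    'Key value' and 'Key=value' forms are accepted, the first occurrence of a
    directive is the one that takes effect, and parsing stops at the first
    'Match' line because everything after it is conditional.
    """
    effective = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if "=" in line and " " not in line.split("=", 1)[0]:
            key, value = line.split("=", 1)
        else:
            parts = line.split(None, 1)
            key, value = parts[0], (parts[1] if len(parts) > 1 else "")
        key = key.lower()
        if key == "match":
            break
        effective.setdefault(key, value.strip())
    return effective


def audit_sshd_config(text):
    """Return a list of (directive, finding) pairs for the thread's checklist."""
    cfg = parse_sshd_config(text)
    val = lambda k, default=None: (cfg.get(k, default) or "").lower() or default
    findings = []

    if val("permitrootlogin") != "no":
        findings.append(("PermitRootLogin",
                         "root login not disabled; set 'PermitRootLogin no'"))

    if val("passwordauthentication") != "no":
        findings.append(("PasswordAuthentication",
                         "password logins still allowed; use keys with passphrases "
                         "and set 'PasswordAuthentication no'"))

    if val("pubkeyauthentication", "yes") == "no":
        findings.append(("PubkeyAuthentication",
                         "public-key authentication is disabled"))

    proto = cfg.get("protocol")
    if proto is None:
        findings.append(("Protocol",
                         "not set; older OpenSSH defaults to '2,1', set 'Protocol 2'"))
    elif "1" in [p.strip() for p in proto.split(",")]:
        findings.append(("Protocol", "SSH protocol 1 is enabled; set 'Protocol 2'"))

    if "allowusers" not in cfg and "allowgroups" not in cfg:
        findings.append(("AllowUsers",
                         "no allow-list; set 'AllowUsers <name>' to limit who may log in"))

    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        report = audit_sshd_config(text)
        print(f"{name}: {len(report)} finding(s)")
        for directive, message in report:
            print(f"  {directive}: {message}")
```

Run it against a copy of your own `/etc/ssh/sshd_config` by reading the file into `audit_sshd_config`; an empty result means the four points from the replies are covered. It says nothing about knockd, which, as the second reply stresses, only adds a layer on top of a configuration that is already sound.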