[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [suse-security] safety with scp

there are thousands of scan attempts being run against all ssh servers out
I would do two main things.
1. Disable password authentication and enable RSA key authentication.
This way you can manage your keys, change the key regularly and set a high
bit value (2048 or higher) to get max key strength.
This also emsures that no script kiddies get onto your box with dictionary
based ssh attacks
2. Choose an obfuscated port, don't use 22, use something at the wrong end
of the scanning spectrum, say *sucks thumb* port 53245 (check that this is
Many scanners will only scan authorised ports as the high ports are a waste
of time, if it is only you using it, then you don't have to worry about
notifying people of you obscure port number...
Some others.
MAKE SURE you are only allowing protocol 2
Disable agent forwarding.
Set your server host key to a stronger key strength.
Anyway, that should all help...


From: piet [mailto:prooroa@xxxxxxxxxx] 
Sent: 10 November 2005 11:59 AM
To: SuSE-Security
Subject: [suse-security] safety with scp

Good morning group,

I want to access my server(home based SuSE-box) through the Internet so 
I can upload images with winscp from my XP-laptop.
Is it safe to just open port 22 for the external world,
or do I need extra safety measures?

Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx 
Security-related bug reports go to security@xxxxxxx, not here