
My 3 most important rules for Linux servers are:

1. Run software update!

2. Don't allow everyone to access sensitive ports. Moving SSH to some nonstandard port is not enough. Use iptables to limit access to it from only certain static IPs.

3. Run SELinux! If you think its only purpose is to make your life more difficult, you have a lot more studying to do. (Also, make sure you don't use a distro that comes with a badly broken SELinux config.)

UPDATE: formatting




I've never been a fan of changing SSH's port.

If you're going to firewall SSH, changing the port is redundant. The only reason to change the port is to prevent brute force attacks, and the firewall will do that for you.


Still.... it really cleans the logs up. It's not safer, but the logs do become easier to read in a pinch.


Huh? The firewall logs? Got grep -v?


The thing is that a lot of the simple scripts only bang on 22. Moving the port means that a lot of scripts will move on to another server.


Turn off password logins and move ssh to a different port.


And disable root login from ssh.


Use iptables to limit access to it from only certain static IPs.

Or just disable password logins entirely.


Yeah, that's really much more secure ;-)

http://www.debian.org/security/2008/dsa-1571


This would only protect you against password guessing, but not against any remotely exploitable security holes in the SSH (or any other) daemon.
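
A check for the sshd settings recommended in the comments above (password logins off, root login off), as an added example that is not part of the thread. The function name and sample config are constructed; it assumes only the global section of sshd_config matters, does not follow Include files, and uses current OpenSSH defaults for unset keywords.

```shell
#!/bin/sh
# Added example (not from the thread): audit sshd_config text on stdin for
# the settings recommended above. Assumptions: only the global section is
# read (parsing stops at the first Match block), Include files are not
# followed, and unset keywords take current OpenSSH defaults.
audit_sshd_config() {
    awk '
    BEGIN {
        val["passwordauthentication"] = "yes"            # OpenSSH default
        val["permitrootlogin"] = "prohibit-password"     # OpenSSH default
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        split(line, f, /[ \t=]+/)            # "Keyword value" or "Keyword=value"
        key = tolower(f[1])                  # keywords are case-insensitive
        if (key == "match") exit             # conditional blocks: out of scope
        if (key == "port") ports = ports " " f[2]   # Port may repeat
        # For other keywords sshd keeps the FIRST value it reads, so a
        # hardened line placed after a weak one has no effect.
        if ((key in val) && !(key in seen)) {
            val[key] = tolower(f[2]); seen[key] = 1
        }
    }
    END {
        fail = 0
        if (val["passwordauthentication"] == "no") print "OK   PasswordAuthentication no"
        else { print "FAIL PasswordAuthentication " val["passwordauthentication"]; fail = 1 }
        if (val["permitrootlogin"] == "no") print "OK   PermitRootLogin no"
        else { print "FAIL PermitRootLogin " val["permitrootlogin"]; fail = 1 }
        # Informational only: a nonstandard port is not an access control.
        print "INFO Port" (ports == "" ? " 22" : ports)
        exit fail
    }'
}

# Constructed sample: the second PermitRootLogin line is ignored by sshd.
audit_sshd_config <<'EOF' || true
Port 2222
PasswordAuthentication no
PermitRootLogin yes
PermitRootLogin no
EOF
```

On a real host, run it as `audit_sshd_config < /etc/ssh/sshd_config`; a non-zero exit status means at least one check failed.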



