On 8-Dec-08, at 10:08 AM, A dot L dot M dot Buxey at lboro dot ac dot uk wrote:
>> seems the bad guys do actually know how to get arund that one, too:
>> darn, how i hate this rat-race.
>> it sucks big time.
> SSH on port 22 ('hiding it' on other ports doesnt work)
> Stop any text entry authentication - use only certificates
> (strong ones too!)
problem is: i'm not the admin of _that_ server.
there is a company servicing their software running on that machine,
and i couldn't even get them to change from the standard port.
they nedd the whole plethora open, ftp, ssh, you name it. They say
they have a servicing tool built specially for that, so this is yet
another case of pretty shitty software making the world more
So much about me expecting them to be able to know and practice what
you're suggesting (and i shall be doing on my severs from now ;-) )
Actually, hiding the port works pretty fine for me so far. And, for
sure, i don't allow root to log in on my systems.
So that _particular_ patient is open to the support_company's ip only.
Not pretty, but the only thing i can do.
I actually would have liked to get ssh as a backup as well to access
the monowall from inside, in the case i have to change the VPN