A few more things to be careful about

…but only for those of us with servers or other boxen that are running sshd.

Kasia has posted a good checklist for tightening up the ssh service in the face of the increasingly common brute-force password scans (like the one we had a few weeks ago). Read down into the comments, because they have some other ideas; in particular, there’s some discussion about whether password authentication should be enabled at all (with preference given to key authentication) or whether it is a necessary evil.

I’m going through my servers this morning and making sure I can check all the boxes. I’ve taken many of these steps already, particularly on our webserver, which I am most paranoid about, but I’m not sure I’ve taken all the same steps on all the servers… time to do that now. If nothing else, I definitely have more to learn about ssh and its daemon.

Now playing: Fred Jones Part 2 from Ben Folds Live by Ben Folds
