Logging connections

Simon Edwards simon@simonzone.com
Tue, 19 Jun 2001 21:19:55 +0200


Hi,

> On my firewall I would like to open SSH so that I can log in from home and
> do stuff or use it for tunneling. However I get very nervous about
> opening anything up - especially on my firewall box so I want some logging.
> Leaving aside how much of a bad idea this is, I can log packets with the SYN
> bit set for connection attempts - and I will know when I attempt this so I
> can eliminate those.
> However I want to distinguish between hackers actually gaining access from
> simple port scans.

Log the SYNs and also make sure logging is turned on in sshd. The 
sshd logs will tell you who has logged in/out etc.

> Can anyone think of a clever way
> round this (or even a non-clever way would do!)

This is all common stuff. "Cleverness" often ends up being the enemy of 
security. Use the logging that comes with ssh.

For extra paranoia points you could limit connections to ssh by IP (i.e. to 
your home IP, ISP range, etc.), and also beef up your authentication by using 
RSA-based authentication instead of just passwords. Finally, make sure your 
system is patched up for the love of god...

cheers,

-- 
Simon Edwards
simon@simonzone.com
http://www.simonzone.com/
Nijmegen, The Netherlands       "ZooTV? You made the right choice."
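
An added example, not part of the original message: one way to combine the two log sources recommended in the reply, so that sources which only sent SYNs to port 22 are separated from those that failed or passed sshd authentication. The log line formats (netfilter LOG output, OpenSSH syslog messages), the sample lines, `HOME_IPS` and the `classify` helper are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample logs (documentation-range addresses), not from the post.
# Assumed formats: netfilter LOG target lines and OpenSSH sshd syslog lines.
FIREWALL_LOG = """\
Jun 19 20:01:02 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.1 PROTO=TCP SPT=40000 DPT=22 SYN
Jun 19 20:03:10 fw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.1 PROTO=TCP SPT=51234 DPT=22 SYN
Jun 19 20:07:44 fw kernel: IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.1 PROTO=TCP SPT=40100 DPT=22 SYN
Jun 19 20:09:30 fw kernel: IN=eth0 OUT= SRC=203.0.113.77 DST=192.0.2.1 PROTO=TCP SPT=40200 DPT=22 SYN
"""
SSHD_LOG = """\
Jun 19 20:03:12 fw sshd[812]: Accepted publickey for alice from 203.0.113.5 port 51234 ssh2
Jun 19 20:07:47 fw sshd[815]: Failed password for invalid user admin from 198.51.100.20 port 40100 ssh2
Jun 19 20:09:33 fw sshd[819]: Accepted password for alice from 203.0.113.77 port 40200 ssh2
"""
HOME_IPS = {"203.0.113.5"}  # hypothetical: the address you expect to log in from

SYN_RE = re.compile(r"SRC=(\S+) .*\bDPT=22\b.*\bSYN\b")
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (Accepted|Failed) \S+ for (?:invalid user )?(\S+) from (\S+) port \d+")

def classify(firewall_log, sshd_log, home_ips):
    """Map each source IP to syn-only / failed-auth / expected-login / UNEXPECTED-LOGIN."""
    seen = defaultdict(lambda: {"syn": 0, "failed": 0, "accepted": []})
    for line in firewall_log.splitlines():
        m = SYN_RE.search(line)
        if m:
            seen[m.group(1)]["syn"] += 1
    for line in sshd_log.splitlines():
        m = AUTH_RE.search(line)
        if m:
            result, user, ip = m.groups()
            if result == "Accepted":
                seen[ip]["accepted"].append(user)
            else:
                seen[ip]["failed"] += 1
    verdicts = {}
    for ip, s in seen.items():
        if s["accepted"]:  # sshd says someone got in: the case that matters most
            verdicts[ip] = "expected-login" if ip in home_ips else "UNEXPECTED-LOGIN"
        elif s["failed"]:  # reached sshd and tried credentials, but was refused
            verdicts[ip] = "failed-auth"
        else:              # SYN seen at the firewall, nothing in the sshd auth log
            verdicts[ip] = "syn-only"
    return verdicts

if __name__ == "__main__":
    for ip, verdict in sorted(classify(FIREWALL_LOG, SSHD_LOG, HOME_IPS).items()):
        print(f"{ip:15} {verdict}")
```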