best SSL techniques
Senior User
Join Date: Oct 1999
Location: Austin, TX 78751
I want to enable SSL logins on my Mac (running Leopard) so that I can have the possibility of rebooting it from another machine in case of freezes, but if I enable remote logins, I find that when connected to my campus network, my computer is subject to a huge number of brute force password-guessing logins. I want to do the remote logins from my iPhone (using the AppStore app TouchTerm), so I can't use a public/private key method of logging in. Any other suggestions in terms of avoiding these attacks? I'd rather avoid having to enable and disable remote logins depending on which network I'm connected to -- that sort of defeats the whole purpose of being able to log in remotely.
Senior User
Join Date: Nov 2003
I think you mean SSH.
Anyway, I would of course suggest using key authentication but since that is not an option:
- there are plenty of programs that effectively “blacklist” attackers after x failed authentication attempts. I don’t use Mac OS X as a server but some examples from the Linux world are fail2ban, denyhosts or sshguard — most of these should work on OS X.
- change the default port from 22 to something else.
- and of course use a strong password, but you already knew that.
Another option would be a port knocking mechanism but I don’t think that makes sense for your usage scenario.
"The road to success is dotted with the most tempting parking spaces."
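
Added example (not part of the original posts, and not code from fail2ban, denyhosts or sshguard): a minimal sketch of the "blacklist after x failed attempts" logic those tools apply to the sshd log. The log lines are constructed, and the threshold, the time window and the year (syslog timestamps carry none) are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# OpenSSH "Failed password" line in syslog format (assumed log format).
# Matches both existing and "invalid user" account names.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+"
)

def find_offenders(lines, max_failures=3, window_minutes=10, year=2008):
    """Return {ip: time of the failure that reached max_failures in the window}."""
    window = timedelta(minutes=window_minutes)
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    banned = {}
    for line in lines:
        m = FAILED.match(line)
        if not m or m["ip"] in banned:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # forget failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            banned[m["ip"]] = ts
    return banned

# Constructed sample log: a slow guesser, a fast guesser, and a typo by a real user.
SAMPLE_LOG = """\
Oct 12 01:00:00 mac sshd[401]: Failed password for root from 192.0.2.44 port 40100 ssh2
Oct 12 01:20:00 mac sshd[402]: Failed password for root from 192.0.2.44 port 40101 ssh2
Oct 12 01:40:00 mac sshd[403]: Failed password for root from 192.0.2.44 port 40102 ssh2
Oct 12 03:14:01 mac sshd[411]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Oct 12 03:14:03 mac sshd[412]: Failed password for root from 203.0.113.7 port 51240 ssh2
Oct 12 03:14:06 mac sshd[413]: Failed password for invalid user test from 203.0.113.7 port 51251 ssh2
Oct 12 09:00:10 mac sshd[420]: Failed password for alice from 198.51.100.20 port 50022 ssh2
Oct 12 09:00:25 mac sshd[421]: Accepted password for alice from 198.51.100.20 port 50022 ssh2
""".splitlines()

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"{when:%b %d %H:%M:%S} block {ip}")
```

With the default 10-minute window only the fast guesser is flagged; the source that spaces its attempts 20 minutes apart stays under the threshold, which is why a strong password is still needed alongside this kind of blocking.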
Senior User
Join Date: Oct 1999
Location: Austin, TX 78751
Originally Posted by moep
I think you mean SSH.
Anyway, I would of course suggest using key authentication but since that is not an option:
- there are plenty of programs that effectively “blacklist” attackers after x failed authentication attempts. I don’t use Mac OS X as a server but some examples from the Linux world are fail2ban, denyhosts or sshguard — most of these should work on OS X.
- change the default port from 22 to something else.
- and of course use a strong password, but you already knew that.
Another option would be a port knocking mechanism but I don’t think that makes sense for your usage scenario.
I might be able to install the keys on the iPhone ... how does one change the port used by ssh on MacOS X?
Senior User
Join Date: Nov 2003
It’s cumbersome but it works:
Mac OS X Hints
(I’ve done it on Leopard before using this tutorial)
"The road to success is dotted with the most tempting parking spaces."