best SSL techniques
Le Flaneur
Senior User
Join Date: Oct 1999
Location: Austin, TX 78751
Status: Offline
Aug 13, 2008, 08:49 PM
 
I want to enable SSL logins on my Mac (running Leopard) so that I can have the possibility of rebooting it from another machine in case of freezes, but if I enable remote logins, I find that when connected to my campus network, my computer is subject to a huge number of brute force password-guessing logins. I want to do the remote logins from my iPhone (using the AppStore app TouchTerm), so I can't use a public/private key method of logging in. Any other suggestions in terms of avoiding these attacks? I'd rather avoid having to enable and disable remote logins depending on which network I'm connected to -- that sort of defeats the whole purpose of being able to log in remotely.
     
moep
Senior User
Join Date: Nov 2003
Status: Offline
Aug 14, 2008, 11:36 AM
 
I think you mean SSH.
Anyway, I would of course suggest using key authentication but since that is not an option:

- there are plenty of programs that effectively “blacklist” attackers after x failed authentication attempts. I don’t use Mac OS X as a server but some examples from the Linux world are fail2ban, denyhosts or sshguard — most of these should work on OS X.
- change the default port from 22 to something else.
- and of course use a strong password, but you already knew that.

Another option would be a port knocking mechanism but I don’t think that makes sense for your usage scenario.
"The road to success is dotted with the most tempting parking spaces."
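
The "blacklist after x failed authentication attempts" idea from the post above, as an added example that is not part of the thread and is not the code of fail2ban, denyhosts or sshguard. The log lines are constructed samples in OpenSSH's "Failed password" syslog format, and the names `hosts_to_block`, `max_retry` and `find_time` are assumptions made for this sketch.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH's syslog format (documentation IP ranges).
SAMPLE_LOG = """\
Aug 13 20:41:02 mac sshd[412]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Aug 13 20:41:05 mac sshd[415]: Failed password for root from 203.0.113.7 port 51240 ssh2
Aug 13 20:41:09 mac sshd[419]: Failed password for invalid user test from 203.0.113.7 port 51251 ssh2
Aug 13 20:43:30 mac sshd[430]: Failed password for flaneur from 198.51.100.20 port 50112 ssh2
Aug 13 20:43:41 mac sshd[431]: Accepted password for flaneur from 198.51.100.20 port 50113 ssh2
Aug 13 20:50:00 mac sshd[440]: Failed password for root from 192.0.2.99 port 40001 ssh2
Aug 13 21:20:00 mac sshd[450]: Failed password for root from 192.0.2.99 port 40002 ssh2
Aug 13 21:50:00 mac sshd[460]: Failed password for root from 192.0.2.99 port 40003 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+"
)

def hosts_to_block(log_text, max_retry=3, find_time=600, year=2008):
    """Return {ip: time of the failure that crossed the threshold}."""
    window = timedelta(seconds=find_time)
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    blocked = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m or m["ip"] in blocked:
            continue
        # syslog timestamps carry no year, so one is assumed
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        hits = recent[m["ip"]]
        hits.append(when)
        while when - hits[0] > window:   # drop failures older than find_time
            hits.popleft()
        if len(hits) >= max_retry:
            blocked[m["ip"]] = when
    return blocked

if __name__ == "__main__":
    for ip, when in hosts_to_block(SAMPLE_LOG).items():
        print(f"block {ip} (threshold reached {when:%b %d %H:%M:%S})")
```

With the defaults only the burst from 203.0.113.7 crosses the threshold; the single mistyped password from 198.51.100.20 and the slow, widely spaced attempts from 192.0.2.99 do not, which shows the trade-off in choosing the window length.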
     
Le Flaneur  (op)
Senior User
Join Date: Oct 1999
Location: Austin, TX 78751
Status: Offline
Aug 14, 2008, 11:48 AM
 
Originally Posted by moep
I think you mean SSH.
Anyway, I would of course suggest using key authentication but since that is not an option:

- there are plenty of programs that effectively “blacklist” attackers after x failed authentication attempts. I don’t use Mac OS X as a server but some examples from the Linux world are fail2ban, denyhosts or sshguard — most of these should work on OS X.
- change the default port from 22 to something else.
- and of course use a strong password, but you already knew that.

Another option would be a port knocking mechanism but I don’t think that makes sense for your usage scenario.
I might be able to install the keys on the iPhone ... how does one change the port used by ssh on MacOS X?
     
moep
Senior User
Join Date: Nov 2003
Status: Offline
Aug 14, 2008, 03:08 PM
 
It’s cumbersome but it works:

Mac OS X Hints

(I’ve done it on Leopard before using this tutorial)
"The road to success is dotted with the most tempting parking spaces."
     
   
 