Jerry - Thanks again for all your help... Not being familiar with ssh it took me a while to get everything set up so it would work from either inside or outside my network. This seems like a good approach/defense against the idiots of the world.

Marc...

Jerry Westrick wrote:
Please note that there is a Slow-motion "Brute force" attack being made on ssh across the internet.
You will receive many attempts to guess your usernames/passwords. The method I use to defeat it is:

1 - Do not use simple passwords!
2 - change the port that sshd listens on:
3 - only allowing ssh access to users in a specific group.

How to Change the ssh portno
============================

Although this is not a world moving security measure, it foils the type of attacks being done over the last couple of years.
Here is the method I use:

1) on the ssh-server machine:
   modify /etc/ssh/sshd_config
   Uncomment "#Port 22" line and change to an unused port, (preferably under 1024)
   restart sshd

2) on the ssh client machine
   modify /etc/ssh_config
   Add the following 2 lines

   Host mybrothers.office.com
   Port <your portno>

After that everything should work as normal.

How to define a Group allowed to use ssh
========================================

This one is also easy.
modify /etc/ssh/sshd_config
add line

AllowGroups remotessh

Then you have to add users to the group remotessh, so that they can connect remotely. I have very few users in that group.

Jerry.

P.S. You can use the free ssh client called putty on Windows machines to set the same tunnels from Windows machines, but as usual it's a bit more complicated!
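
An added example, not part of the original message: a small Python check that an sshd_config actually carries the two changes described above (a non-default Port and a global AllowGroups line). The sample file, port 2222 and the function names are constructed for illustration; lines after a Match keyword are treated as conditional and are not counted as global settings.

```python
import re

# Constructed sample sshd_config, following the two changes described above.
# Port 2222 is an illustrative value, not taken from the message.
SAMPLE = """\
# Port 22
Port 2222
PermitRootLogin no
AllowGroups remotessh
Match Address 10.0.0.0/8
    AllowGroups staff
"""

def global_settings(text):
    """Return {keyword: [values]} for lines before the first Match block."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # commented-out lines have no effect
        parts = re.split(r"[ \t=]+", line, maxsplit=1)
        key = parts[0].lower()            # keywords are case-insensitive
        if key == "match":
            break                         # what follows applies conditionally
        value = parts[1].strip() if len(parts) > 1 else ""
        settings.setdefault(key, []).append(value)
    return settings

def audit(text):
    """Check the two measures from the message; return a list of findings."""
    s = global_settings(text)
    findings = []
    ports = [p for v in s.get("port", []) for p in v.split()]
    if not ports:
        findings.append("Port not set: sshd listens on the default port 22")
    elif "22" in ports:
        findings.append("Port 22 is still among the listening ports")
    groups = [g for v in s.get("allowgroups", []) for g in v.split()]
    if not groups:
        findings.append("AllowGroups not set globally: no group restriction")
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE) or ["OK: non-default port and AllowGroups present"]:
        print(f)
```

Running it against the real file (read the path from the server and pass the text to `audit`) catches the common slip of editing the line but leaving the leading `#` in place.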