[mythtv-users] Security concerns for my myth box
Jeff Thompson
lists at threeputt.org
Thu Dec 16 02:57:07 UTC 2004
David Whyte wrote:
>Very interested to hear some knowledgeable users' comments on this.
>
>I am behind a NAT router, have a dynamic IP but will use dynDNS, and I
>have port 80 blocked by ISP. I plan to open SSH and a port for HTTP
>(1010 or 1080) so I can use MythWeb when out of the house. I will
>obviously change my crappy root password when I get to opening the
>ports..
>
>Cheers,
>Whytey
>
Hi, I have two different Fedora Core 2 systems connected to the internet
full-time. I run logwatch and began noticing that my servers were both
being scanned daily. It looked like they were using some sort of
dictionary attack script, because I saw repeated login failures for
common userids, including root. Fortunately, I did not have a weak root
password or my systems would have been hacked.

To thwart the attempts, I changed my sshd configuration to not allow ssh
via passwords at all. To do so, edit /etc/ssh/sshd_config and add the
line "PasswordAuthentication no". Doing so will require that you access
your system via ssh using public/private keys.

You can generate the public/private keys with openssh or puttygen,
whichever you prefer.

Hope that helps.
--
jthomps
>On Wed, 15 Dec 2004 16:16:14 -0500, Craig Partin <cpartin at gmail.com> wrote:
>
>
>>After reading the post about the poor soul whose box was rooted, it
>>got me to worrying about my own. Right now I feel pretty safe with
>>the box behind a NAT hardware firewall. I do want to open some ports
>>for SSH and HTTP connections and wonder what security considerations I
>>might be missing.
>>
>>The myth user is logged in with sudo passwordless renice access.
>>Services are run as root and the frontend and X are setuid root. It's
>>a basic gentoo install with no additional security related tweaking.
>>openSSH, MySQL, and Apache2 are the only network daemons running.
>>
>>What security measures do others have in place?
>>
>>Thanks,
>>Craig
>>
>>
>>_______________________________________________
>>mythtv-users mailing list
>>mythtv-users at mythtv.org
>>http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-users
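
An added example, not part of the original message: a check that a given sshd_config really ends up keys-only after adding the "PasswordAuthentication no" line from the reply above. sshd uses the first value it reads for each keyword, so a line appended below an existing "PasswordAuthentication yes" has no effect, and keyboard-interactive through PAM can still prompt for a password. The function names and sample files are constructed for illustration; the defaults are assumed to be upstream OpenSSH's, and Include files are not followed.

```python
import re

# Upstream OpenSSH defaults, assumed when a keyword is absent (distro builds may differ).
DEFAULTS = {"passwordauthentication": "yes", "kbdinteractiveauthentication": "yes",
            "usepam": "no", "pubkeyauthentication": "yes"}
# Older configs use this name for the keyboard-interactive switch.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def effective_settings(config_text):
    """Return (global settings, [(match condition, keyword, value)]) for DEFAULTS keys."""
    seen, overrides, match = {}, [], None
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()            # drop comments and blanks
        if not line:
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)  # "Key value" or "Key=value"
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            match = value                               # later lines are conditional
        elif key in DEFAULTS and match is None:
            seen.setdefault(key, value.lower())         # sshd keeps the first value it reads
        elif key in DEFAULTS:
            overrides.append((match, key, value.lower()))
    return {**DEFAULTS, **seen}, overrides

def password_login_paths(config_text):
    """List the ways this config still accepts a password; an empty list means keys only."""
    s, overrides = effective_settings(config_text)
    found = []
    if s["passwordauthentication"] != "no":
        found.append("global PasswordAuthentication is not 'no'")
    if s["kbdinteractiveauthentication"] != "no" and s["usepam"] == "yes":
        found.append("keyboard-interactive through PAM can still ask for a password")
    found += [f"Match {cond} sets PasswordAuthentication yes"
              for cond, key, value in overrides
              if key == "passwordauthentication" and value == "yes"]
    if s["pubkeyauthentication"] == "no":
        found.append("PubkeyAuthentication is 'no', so key logins would fail")
    return found

# Constructed sample files (not taken from any real host).
APPENDED = "PasswordAuthentication yes\nUsePAM yes\n# line from the post, added last:\nPasswordAuthentication no\n"
KEYS_ONLY = "PasswordAuthentication no\nChallengeResponseAuthentication no\nUsePAM yes\n"
WITH_MATCH = KEYS_ONLY + "Match Address 192.168.0.0/24\n    PasswordAuthentication yes\n"

if __name__ == "__main__":
    for name, text in (("appended", APPENDED), ("keys only", KEYS_ONLY), ("with match", WITH_MATCH)):
        print(name, "->", password_login_paths(text) or "keys only")
```

On a live host, running "sshd -T" as root prints the configuration sshd actually resolved, which is the authoritative check after editing the file.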