[mythtv-users] Security concerns for my myth box

Jeff Thompson lists at threeputt.org
Thu Dec 16 02:57:07 UTC 2004


David Whyte wrote:

>Very interested to hear some knowledgeable users' comments on this.
>
>I am behind a NAT router, have a dynamic IP but will use dynDNS, and I
>have port 80 blocked by ISP.  I plan to open SSH and a port for HTTP
>(1010 or 1080) so I can use MythWeb when out of the house.  I will
>obviously change my crappy root password when I get to opening the
>ports..
>
>Cheers,
>Whytey
>
>
>  
>
Hi, I have two different Fedora Core 2 systems connected to the internet 
full-time. I run logwatch and began noticing that my servers were both 
being scanned daily. It looked like they were using some sort of 
dictionary attack script, because I saw repeated login failures for 
common user IDs, including root. Fortunately, I did not have a weak root 
password or my systems would have been hacked.

To thwart the attempts, I changed my sshd configuration to not allow ssh 
via passwords at all. To do so, edit /etc/ssh/sshd_config and add the 
line "PasswordAuthentication no". Doing so will require that you access 
your system via ssh using public/private keys.

You can generate the public/private keys with openssh or puttygen, 
whichever you prefer.

Hope that helps.

--
jthomps

>On Wed, 15 Dec 2004 16:16:14 -0500, Craig Partin <cpartin at gmail.com> wrote:
>  
>
>>After reading the post about the poor soul whose box was rooted, it
>>got me to worrying about my own.  Right now I feel pretty safe with
>>the box behind a NAT hardware firewall.  I do want to open some ports
>>for SSH and HTTP connections and wonder what security considerations I
>>might be missing.
>>
>>The myth user is logged in with sudo passwordless renice access.
>>Services are run as root and the frontend and X are setuid root.  It's
>>a basic gentoo install with no additional security related tweaking.
>>openSSH, MySQL, and Apache2 are the only network daemons running.
>>
>>What security measures do others have in place?
>>
>>Thanks,
>>Craig
>>
>>
>>_______________________________________________
>>mythtv-users mailing list
>>mythtv-users at mythtv.org
>>http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-users
>
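
Added example, not part of the message above: a small check that the "PasswordAuthentication no" line described in the reply actually takes effect. sshd uses the first value it reads for each keyword, and a Match block can turn password logins back on for some users. The function names parse and audit and the sample config are constructed for illustration; Include files are not followed.

```python
import re

# Constructed sample sshd_config text (not from a real host).
SAMPLE = """\
# constructed example
PasswordAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
"""

def parse(text):
    """Return (global settings, [(match criteria, settings)]); first value wins."""
    global_cfg, matches = {}, []
    current = global_cfg
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace or a single '='.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = parts[0].lower()  # keywords are case-insensitive
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if key == "match":
            current = {}  # following lines apply only to this Match block
            matches.append((value, current))
        else:
            current.setdefault(key, value)  # keep the first value only
    return global_cfg, matches

def audit(text):
    """List reasons password logins may still be accepted."""
    global_cfg, matches = parse(text)
    findings = []
    # sshd's built-in default for PasswordAuthentication is "yes".
    if global_cfg.get("passwordauthentication", "yes").lower() != "no":
        findings.append("global: PasswordAuthentication is not 'no'")
    for criteria, cfg in matches:
        if cfg.get("passwordauthentication", "no").lower() == "yes":
            findings.append(f"Match {criteria}: re-enables PasswordAuthentication")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

On a real host, "sshd -T" prints the effective configuration as sshd itself computes it, and sshd must be reloaded before an edit to sshd_config applies.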