On 15/12/10 17:11, mick wrote:
On Wed, 15 Dec 2010 15:30:58 +0000 Chris Gcl@isbd.net allegedly wrote:
Try "ssh -N -f -R 54321:localhost:22 user@your.home.server"
where user @ your home server has no shell (e.g. bin/false)
also see "man ssh"
Also, remove "user" from any unnecessary user groups.
Edit the sshd_config file (or whatever the equivalent is) to lock it down, e.g.

    PermitRootLogin no
    StrictModes yes
    # i.e. no groups
    AllowGroups
    AllowUsers USER
    # I think the above is right, not sure...
    IgnoreRhosts yes

Also, you may like to use a non-standard port to run SSH on and/or run an intrusion detection system like Fail2Ban or Denyhosts or both.
When I ran an SSH server on Port 22, I was amazed to see the access log fill up with script kiddies trying to log in. As you're using a KEY, you should be safe; however, if you use a non-standard port number for SSH, then they won't know you're there, and won't try to hack in.
Fail2Ban or Denyhosts can check access logs and ban people trying to hack your system, and/or download a list of suspect IP addresses which it blocks from your system. Perhaps this is a bit paranoid if you're running on a non-standard port. Check your access logs after a while of working successfully and see if there are any login attempts that aren't you! Be careful you don't lock yourself out of your own system!
HTH Steve
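Added example, not part of Steve's message: a small Python pass over sshd log lines that does the manual check suggested above, counting failed logins per source address and listing accepted logins from addresses you do not recognise. The log lines, the `known_ips` set, the `review` function and the threshold of 3 are all constructed for illustration; the line format assumed is the usual OpenSSH syslog one.

```python
import re
from collections import Counter

# Constructed sample lines in the usual OpenSSH syslog format (not from the thread).
SAMPLE_LOG = """\
Dec 15 17:02:11 home sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Dec 15 17:02:14 home sshd[2101]: Failed password for root from 203.0.113.5 port 51236 ssh2
Dec 15 17:02:19 home sshd[2103]: Failed password for invalid user test from 203.0.113.5 port 51240 ssh2
Dec 15 17:05:40 home sshd[2110]: Accepted publickey for tunnel from 198.51.100.7 port 40022 ssh2
Dec 15 17:09:02 home sshd[2115]: Failed password for tunnel from 192.0.2.44 port 60100 ssh2
Dec 15 17:30:55 home sshd[2150]: Accepted password for tunnel from 192.0.2.44 port 60111 ssh2
"""

# The user name is chosen by the client, so it is matched greedily and the
# pattern is anchored at end of line: the address is always taken from the
# last "from <addr> port <n> ssh2", which sshd itself wrote.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed \S+ for (?:invalid user )?(.*) from (\S+) port \d+ ssh2$")
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port \d+ ssh2")


def review(log_text, known_ips, max_failures=3):
    """Return (addresses with >= max_failures failures,
               accepted logins as (user, address, method) not from known_ips)."""
    failures = Counter()
    unexpected = []
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            failures[m.group(2)] += 1
            continue
        m = ACCEPTED.search(line)
        if m and m.group(3) not in known_ips:
            unexpected.append((m.group(2), m.group(3), m.group(1)))
    to_ban = sorted(ip for ip, n in failures.items() if n >= max_failures)
    return to_ban, unexpected


if __name__ == "__main__":
    ban, odd = review(SAMPLE_LOG, known_ips={"198.51.100.7"})
    print("ban candidates:", ban)
    print("accepted logins from unknown addresses:", odd)
```

Put your own addresses in `known_ips` before acting on the ban list, so that you do not lock yourself out.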