On Tuesday 21 Sep 2004 12:47, Tim Green wrote:
> On Tue, 21 Sep 2004 11:40:21 +0100, Chris Green <chris@areti.co.uk> wrote:
> > In the real world how vulnerable will these two be? Will I get incessant hacking at the open SSH port on the ipCop box trying to guess the password or will it just be the occasional port scan? Assuming the password is secure enough (i.e. unguessable enough and not published on the internet somewhere) will I be basically OK?
>
> Just looking back in auth.log, I can see "61.166.6.60" in China tried to guess my root password 3 times at 23:43 last night and again at 06:58 this morning. Last week there were 8 attempts from Germany, Korea and China.

Same here from same IP address. Weird. I don't allow direct SSH access to root though. You have to log in as a user, then 'su'. I also get quite a few attempts every day from around the globe. Just make sure that your root password is unguessable (mixture of upper-case, lower-case, and numbers with no dictionary words) and you should be fine.

> > I may be able to limit the SSH access in particular to only certain client IP addresses but I want the IMAP to be accessible from anywhere. The IMAP server will probably only have two or three accounts on it and I will have control over passwords (though not where they're kept maybe).
>
> I think you'll only frustrate yourself if you cannot SSH from anywhere.

I agree. I used to do that with the hosts.allow file, then I went away for a week and forgot to change the file and couldn't get in for a whole week - most frustrating.

> > Does anyone here have any experience of how vulnerable in reality such systems are? I'm not after Fort Knox, I just want things to be reasonably safe.
>
> Especially since you want to access IMAP from anywhere, at least do it over a secure connection (ssh or ssl) so that you don't broadcast your password and email messages in the clear.

I have IMAP over SSH too. It seems to be the most secure set-up.

Matt
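
The auth.log review mentioned in the thread can be scripted. The following is an added example, not part of the original messages: it tallies failed sshd password attempts per source address and separates root guesses from other accounts. The log lines are constructed (only 61.166.6.60 appears in the thread), and the names `summarize` and `root_guessers` and the threshold of 3 are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the OpenSSH syslog format; only 61.166.6.60 comes from
# the thread, the other addresses are documentation ranges.
SAMPLE_LOG = """\
Sep 20 23:43:02 gw sshd[2101]: Failed password for root from 61.166.6.60 port 40112 ssh2
Sep 20 23:43:05 gw sshd[2103]: Failed password for root from 61.166.6.60 port 40120 ssh2
Sep 20 23:43:09 gw sshd[2105]: Failed password for root from 61.166.6.60 port 40131 ssh2
Sep 21 02:10:44 gw sshd[2230]: Failed password for illegal user test from 203.0.113.7 port 51514 ssh2
Sep 21 06:58:13 gw sshd[2411]: Failed password for root from 61.166.6.60 port 41877 ssh2
Sep 21 08:15:30 gw sshd[2502]: Accepted password for chris from 192.0.2.10 port 33012 ssh2
Sep 21 09:01:17 gw sshd[2560]: Failed password for chris from 192.0.2.10 port 33050 ssh2
"""

# Older OpenSSH logs "illegal user", newer releases log "invalid user".
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
    r"(?:(?:invalid|illegal) user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)

def summarize(log_text):
    """Return {ip: {"root": n, "other": n, "first": ts, "last": ts}}."""
    stats = defaultdict(lambda: {"root": 0, "other": 0, "first": None, "last": None})
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # accepted logins and non-sshd lines are ignored
        entry = stats[m["ip"]]
        entry["root" if m["user"] == "root" else "other"] += 1
        entry["first"] = entry["first"] or m["ts"]
        entry["last"] = m["ts"]
    return dict(stats)

def root_guessers(stats, threshold=3):
    """IPs with at least `threshold` failed root logins, busiest first."""
    hits = [(ip, s["root"]) for ip, s in stats.items() if s["root"] >= threshold]
    return sorted(hits, key=lambda h: -h[1])

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    for ip, s in stats.items():
        print(f"{ip:15} root={s['root']} other={s['other']} {s['first']} .. {s['last']}")
    print("repeat root guessers:", root_guessers(stats))
```
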