[Klug-general] Hiding Port 22 on an SSH based VPN

Peter peter at sheppey.free-online.co.uk
Tue Apr 3 17:19:56 BST 2007


Many thanks for all your replies to my query. I'm a bit relieved that
there weren't any dire warnings that my set up was hopelessly
compromised. I am interested in the points raised.

All my machines run Kubuntu with all the latest updates. I connect using
commands in the following formats;

sudo sshfs user1 at site1.xxxdns.org:/home/user1 -o
allow_other /home/user2/mountpoint

ssh -Xl fmyo pearlh.homedns.org

and in KDE Konqueror 

fish://user1@site1.xxxxdns.org/home/user1

The addresses are dynamic so they're named through DynDNS. 

Konqueror may allow a different port to be used but can you use any port
or could you interfere with other functions?

All the commands seem to use keys as well as passwords automatically. Do
they need to be tweaked?

Konqueror allows root logins via FISH protocol. If any KDE user knows
your IP address he can get as far as being asked for your root password.
Blocking root logins through other SSH protocols seems pointless.

I've loaded fail2ban. I hope the manual is written for idiots and not
PHDs.

I'll try the iptables commands I was given a try. I accept that they're
a good system. It's just that there's a lot to take in for a one off
job.

Regards, Peter.



-- 
I am having a lot of trouble with spam. Please add 'check123'to your
subject line so that your message will be highlighted.




More information about the Kent mailing list