LinHES Forums
http://forum.linhes.org/

SSH[D] on R5A26
http://forum.linhes.org/viewtopic.php?f=6&t=7063

Author:  richw [ Thu Nov 24, 2005 4:16 pm ]
Post subject:  SSH[D] on R5A26

Hi all,

I've done an install of R5A26 and everything went well :D

But, I noticed that SSHD is on by default and the mythtv user can log in....

Just a warning to all that have their knoppmyth PC accessible to the net!!!

Unsure if I have the right forum, is this the right place?

Author:  Girkers [ Thu Nov 24, 2005 4:27 pm ]
Post subject: 

This is the right place.

SSHD has been on by default for some versions now and this will only be a security issue if you have the port open and forwarded from your firewall. By default this will never be set on a firewall.

Author:  richw [ Thu Nov 24, 2005 4:39 pm ]
Post subject: 

I do understand there is a small chance, but at work our internet server keeps getting ssh logins from zombie PCs!

A little bit of a warning to people out there.

Author:  afrosheen [ Fri Nov 25, 2005 1:28 pm ]
Post subject: 

That's nothing to worry about. A simple port redirect above 10000 should prevent further ssh login attempts.

Author:  cesman [ Sat Nov 26, 2005 5:18 pm ]
Post subject: 

One really should not have their PVR directly hooked up to the Internet (period). MythTV wasn't designed with security in mind. Isaac has stated that doing so would affect performance.

Author:  richw [ Sat Nov 26, 2005 6:17 pm ]
Post subject: 

I would only run a machine behind a firewall or a NAT router...but people these days have a tendency to put machines in the DMZ when they can't get something to work and leave it.

I would like SSH access to my myth box from the internet, my router will have port 22 forwarded onto my myth box as I have no other linux box on my network.

I did notice a couple of guides on http://knoppmythwiki.org referring to the use of ssh for a couple of things, hence my warning.

I think I could have worded my original post a bit better :(

Author:  alewman [ Fri Dec 02, 2005 1:52 pm ]
Post subject: 

Oh, several of us have brought this issue up and have all gotten similar replies. So, don't take it too hard.

On the plus side, the powers that be recently password protected mythweb, so they are at least listening...

The other day I was thinking that maybe another solution to this problem that would be more acceptable would be to have the default sshd configs only allow connections from the private IP addresses: 10.x, 172.x, 192.x. But I suspect that I'm wrong. :-)

-Aubrey

Author:  cesman [ Fri Dec 02, 2005 2:50 pm ]
Post subject: 

I am not going to waste my time trying to lock down KnoppMyth out of the box (period). If MythTV wasn't designed with security in mind (as it would affect performance), why should I try to lock down KnoppMyth? End of discussion.

Author:  jimmyfergus [ Fri Dec 02, 2005 11:04 pm ]
Post subject: 

richw wrote:
I would only run a machine behind a firewall or a NAT router...but people these days have a tendency to put machines in the DMZ when they can't get something to work and leave it.

I would like SSH access to my myth box from the internet, my router will have port 22 forwarded onto my myth box as I have no other linux box on my network.

I did notice a couple of guides on http://knoppmythwiki.org referring to the use of ssh for a couple of things, hence my warning.

I think I could have worded my original post a bit better :(

If you want secure access to your box from the internet, my advice would be to move sshd to a non-standard port (and forward that port from your router), and allow only key-based logins. There are any number of guides on how to do those two around the web.

You have to forgive Cesman if he's a bit blunt on this issue, I've seen it come up frequently, and I only browse these forums occasionally.
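
An added example, not part of the thread or of KnoppMyth: a small audit of an sshd_config against the three suggestions made above (non-standard port, no password logins, AllowUsers limited to private addresses). The finding names and sample configs are constructed for illustration, `Include` files are not followed, and "key-based only" is approximated by `PasswordAuthentication no`.

```python
import ipaddress
import re

# RFC 1918 private ranges, for the "private addresses only" suggestion.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample configs (not from a real KnoppMyth install).
DEFAULT_LIKE = "#Port 22\nPasswordAuthentication yes\n"
REMOTE_KEYS = "Port 22022\nPasswordAuthentication no\n"
LAN_ONLY = "AllowUsers mythtv@192.168.0.0/16 mythtv@10.0.0.0/8\n"

def parse_global(text):
    """Collect {keyword: [values]} from the part before the first Match block."""
    opts = {}
    for raw in text.splitlines():
        m = re.match(r"(\w+)(?:\s*=\s*|\s+)(.*)", raw.strip())
        if not m:  # blank line, "#" comment, or keyword without a value
            continue
        key, value = m.group(1).lower(), m.group(2).strip()  # case-insensitive
        if key == "match":
            break
        opts.setdefault(key, []).append(value)
    return opts

def is_private(host):
    """True if host is an address or CIDR block inside an RFC 1918 range."""
    try:
        net = ipaddress.ip_network(host, strict=False)
    except ValueError:
        return False  # hostnames and wildcard patterns need manual review
    return net.version == 4 and any(net.subnet_of(p) for p in PRIVATE_NETS)

def audit(text):
    """Return sorted finding ids for the three suggestions in the thread."""
    opts = parse_global(text)
    findings = set()
    if "22" in opts.get("port", ["22"]):  # sshd listens on 22 by default
        findings.add("standard-port")
    # sshd uses the first value it reads; password logins default to "yes".
    if opts.get("passwordauthentication", ["yes"])[0].lower() != "no":
        findings.add("password-login")
    # AllowUsers lines accumulate; entries are USER or USER@HOST.
    entries = [e for v in opts.get("allowusers", []) for e in v.split()]
    if not entries or not all("@" in e and is_private(e.rsplit("@", 1)[1])
                              for e in entries):
        findings.add("not-limited-to-private-addresses")
    return sorted(findings)
```

A config meant to be reachable from the internet will still report `not-limited-to-private-addresses`; that finding only matters for a LAN-only box.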

Author:  cesman [ Sat Dec 03, 2005 1:39 am ]
Post subject: 

If someone wants to submit a script to help harden a boxen, by all means.

All times are UTC - 6 hours