http://wifinetnews.com/archives/002453.html
How good is your pass phrase?

As for the rest, I can't really disagree. Cheap, hackable (vs. crackable), ... What's not to like?

This would certainly make a nice write up....

_________________
cesman

When the source is open, the possibilities are endless!

Me too, particularly since the QoS with the Linksys firmware didn't work correctly with Vonage. And I have wireless turned off.

While we're drifting... I've been really pleased by my little "m0n0wall" firewall. It's based on FreeBSD and focused on small dedicated hardware platforms. I have it running on a little single-board computer called a WRAP. Its small, quiet, very configurable, and solid. I also use it for IPSec VPN with my work location.

I agree with cesman and the others -- a decent hardware firewall is a MUST these days!

_________________
Do you code to live, or live to code?
Search LinHES forum through Google

I understand the stated position for the original security concern that I brought up and I was going to let this drop.. But then a good friend of mine asked me why I don't just deny remote login for the mythtv user.

I thought about it, and that also seems like a good idea. One could just add a line to the end of /etc/ssh/sshd_config like so:



... to prevent people from logging into a knoppmyth box via SSH as the mythtv user. Wouldn't need to change passwords, should work to protect users.

Again, just throwing this out as an idea. I'm not meaning to press the issue.

-Aubrey

thanks for the tips! i used the denyuser mythtv in ssh, changed the ssh external port on my router, and also installed the iptables sshdfilter script since earlier today i noticed some ssh login attempts in my auth.log.

_________________
ASUS P5N7A-VM, 2.5gHz E5200, 2GB crucial DDR2, pvr-250, hdhomerun, URC-8820 remote, Panasonic TH-42PZ80U, LinHES 6.01.00

In my /etc/ssh/sshd_config file I am using...

AllowUsers mythtv@192.168.0.* root@192.168.0.* myuseracct

This way root and mythtv can have direct access on my 192.168.0.* based home lan (yes I know I could ssh and su from myuseracct) and I can ssh from on the road if things start acting weird to fix them for my family.

If you wanted to get really tricky you could run dyndns on your personal computer and then add;

AllowUsers mythtv@192.168.0.* root@192.168.0.* myuseracct@dyndnsaddress

Then you could only ssh when you auto update your dyndns acct.

You can also use public-key encryption to help keep prying eyes out. A Windows-to-Linux scenario is detailed here:

[url]http://www.knoppmythwiki.org/index.php?page=RemoteAccessfromWindows[/url]

_________________
Mike
My Hardware Profile