Subj : Re: Nightmares / Dreams
To   : Brian Klauss
From : Gamgee
Date : Fri Apr 01 2022 23:04:00

-=> Brian Klauss wrote to Gamgee <=-

 Mc>> Sir, I would ask you to refresh your lessons on network
 Mc>> vulnerability. Trust me when I say this: SSH access is root
 Mc>> access, if you do it right.

 Ga> Just to hit on this previous comment by McDoob.... SSH access is root
 Ga> access, if you do it *WRONG*...!  That's even assuming one allows SSH
 Ga> access to the OS, which is not what we're talking about here.

 BK> First and foremost, disable root access via sshd_config.  Second,
 BK> change the port to something out there and only configure it for
 BK> a specific range of IPs. Finally, set the BBS to respond to port
 BK> 22.  Whenever I hear people getting root hacked via an SSH
 BK> exploit, I cringe.  It's not the exploit, it's stupidity.

Not sure why you replied to me on this.  Perhaps you meant to send this
to McDoob?  Also, some of your reply doesn't make much sense.  I would
not set the BBS to respond to port 22 because I want the computer/OS to
respond to 22 when I SSH to it from within my LAN.  The BBS should be
set to something else, such as 2222 or whatever.  Oh, and it goes without
saying that you don't allow root to access the box via SSH.

Again, this is all meant to go to McDoob, as I already know this...



.... Nothing is so smiple that it can't get screwed up.
=== MultiMail/Linux v0.52
--- SBBSecho 3.15-Linux
 * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (21:2/138)

.