Subj : Re: Nightmares / Dreams
To : Gamgee
From : Brian Klauss
Date : Sat Apr 02 2022 00:48:00

-=> Gamgee wrote to Brian Klauss <=-
-=> Brian Klauss wrote to Gamgee <=-

BK> First and foremost, disable root access via sshd_config. Second,
BK> change the port to something out there and only configure it for
BK> a specific range of IPs. Finally, set the BBS to respond to port
BK> 22. Whenever I hear people getting root hacked via an SSH
BK> exploit, I cringe. It's not the exploit, it's stupidity.

Ga> Not sure why you replied to me on this. Perhaps you meant to send this
Ga> to McDoob? Also, some of your reply doesn't make much sense. I would
Ga> not set the BBS to respond to port 22 because I want the computer/OS to
Ga> respond to 22 when I SSH to it from within my LAN. The BBS should be
Ga> set to something else, such as 2222 or whatever. Oh, and it goes
Ga> without saying that you don't allow root to access the box via SSH.
Ga> Again, this is all meant to go to McDoob, as I already know this...

But why have an external well-known port configured elsewhere for user access? A trivial inconvenience for yourself allows for far greater reach for your users. For example, having your BBS respond on port 22 while you access your system, locally, on port 30222, ensures your users don't have to remember the port to access your system.

Ultimately, I am always on the side of the users (customers, clients, etc.), and want to make their lives a little bit easier.

Brian Klauss <-> Dream Master
Caught in a Dream | caughtinadream.com
a Synchronet BBS

.... So easy, a child could do it. Child sold separately.
=== MultiMail/Mac v0.52
--- SBBSecho 3.15-Linux
 * Origin: Caught in a Dream - caughtinadream.com (21:3/163)
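
The sshd_config points raised in the thread (no root login over SSH, the admin sshd kept off the port the BBS answers on, logins limited to known source addresses), as an added example that is not part of either poster's message. The sample config, the `sysop` user, the 192.168.1.0/24 range and the function names are assumptions; 30222 is the port mentioned in the post.

```python
# Added example: static check of an sshd_config against the thread's three points.
# Only the global section is read; Match blocks and Include files are not evaluated.

# Constructed sample (user name and address range are assumptions; 30222 is
# the local admin port mentioned in the post).
SAMPLE = """\
# admin sshd; the BBS owns the well-known port
Port 30222
PermitRootLogin no
AllowUsers sysop@192.168.1.0/24
# sshd keeps the first value it reads, so this later line has no effect
PermitRootLogin yes
Match Address 10.0.0.0/8
    PasswordAuthentication no
"""

MULTI = {"port", "allowusers"}  # keywords that may repeat and accumulate

def parse_global(text):
    """Map lower-cased keyword -> argument list for the global section."""
    cfg = {}
    for raw in text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        key, args = parts[0].lower(), parts[1:]
        if key == "match":
            break  # everything after this is conditional
        if key in MULTI:
            cfg.setdefault(key, []).extend(args)
        elif key not in cfg and args:
            cfg[key] = args  # first occurrence wins
    return cfg

def audit(text, bbs_port):
    """Return a list of findings; an empty list means all three points hold."""
    cfg = parse_global(text)
    findings = []
    # OpenSSH default when the keyword is absent is prohibit-password
    root = cfg.get("permitrootlogin", ["prohibit-password"])[0].lower()
    if root != "no":
        findings.append(f"PermitRootLogin is {root}, not no")
    if str(bbs_port) in cfg.get("port", ["22"]):
        findings.append(f"sshd and the BBS both claim port {bbs_port}")
    users = cfg.get("allowusers", [])
    if not users or any("@" not in u for u in users):
        findings.append("AllowUsers does not tie every login to a source address")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE, bbs_port=22) or "no findings")
```

On a live host, `sshd -T` prints the effective configuration, defaults included, and is the authoritative check.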