Network Experts - advice needed !

[bb_matt]

Just want to know how safe this is :-


Situation :-

Home Network, connects via IPCop to bridged ADSL router.

Setup port forwarding to a Slackware box to port 22, only 165.165.0.0/255 can access.
Setup dyndns

I can now ssh into my slackware box from work and from there, do a samba mount to my windows box.

Windows box - just SharedDocs has a share.

I can only mount the share using the local network - iow, I can't use an external IP. I can also only mount the share from the slackware box. The windows box is otherwise locked down.

I would imagine if I changed sshd on my slackware box to listen on some obscure port, it would be better.

So, is it safe enough to do this ?

EDIT: I'm also wondering if I can use my dnydns.org hostname in the allowed connections to port 22 - IOW, instead of 165.165.0.0/255 - that would be even safer.

 

[Obelix]

Configure a certificate logon for ssh and disable keyboard-interactive. Then even if someone knows your connection settings and your passwords, they still cannot make use of it.

Moving ssh to another port is also a good idea. I get hits on port 22 all the time even though there is no deamon there. My firewall still logs the attempts.

Obelix

 

[Obelix]

I would also disable root login, but youre already done that right ;-)

 

[guest2013-1]

okay wah? what is samba? (for the uninformed)

 

[bb_matt]

Here ya go :-

Samba is an Open Source/Free Software suite that has, since 1992, provided file and print services to all manner of SMB/CIFS clients, including the numerous versions of Microsoft Windows operating systems. Samba is freely available under the GNU General Public License.

http://us3.samba.org/samba/

So, when I hook into my Slackware box via SSH, I just invoke :-

mount -t smbfs //192.168.0.2/SharedDocs /mnt/floppy

And I can then send/fetch files from my home windows box in a more or less secure manner by using SFTP.