09 March, 2008

SSH, domains, crypto...

Finally, I've acquired a location to set up a desktop computer as a domain-gateway for my personal LAN/WAN/WiFi-connections! Sw33t! My earlier conclusion to carry an USB memory dongle was a good idea. I got so many notifications about brute-force attack-attempts running SSH-blockage rules on my firewall, so I decided to drop them all together.


Using private-key authentication with a passphrase, proved to be MUCH better. Nearly any excessive bandwidth-overhead, nor serious lagging (which was the main problems when running SSH firewall rules for brute-force attack tracking and blocking. It was basically too CPU intensive to be useful).

Regarding the key-authentication, both the generation of keys, and re-configuring of the SSH server to accept the keys was pretty straightforward. So now I'm enjoying fully secured SSHv2 sessions.

But again, I decided against utilizing some parts of my plans, like using 256bit
AES cipher, instead of the intended 448bit Blowfish cipher, as it would be overkill with regards to the processing power available on the desktop machine I'm going to use ;P (Pentium-III 1st gen. 800Mhz). From what I know, Norwegian government-sections use 256bit AES, so it will more than suffice for my uses. Less is more.

I also set up a basic, free static hostname (with wildcards) to reach my public gateway-machine, and a secondary hostname for dynamic http-forwarding to the web-server hosted on the domain.

Good luck to the ones wanting to crack these streams! ;D

0 kommentarer :

Post a Comment