Laptop safety: Disable sshd on your laptop before conferences

I know you don't have sshd enabled on your laptop. Heck, I bet you have everything disabled just as the corporate security policy (or just your general security paranoia) dictates.

But remember that one time where you needed to copy a lot of data quickly so you enabled ssh logins, as root, with an easy root password? You promised yourself you'd disable it when you were done, but you were in a hurry and forgot.

So before you go to LISA (or any conference), check your laptop.

Is sshd enabled? Check other services.

On a Mac, this is easy: Apple -> System Preferences -> Sharing. Uncheck "Remote Login".

If you want it enabled but less dangerous, edit /etc/sshd_config and change
PermitRootLogin yes
to
PermitRootLogin without-password
That way you can ssh to your laptop as root, but only with proper keys set up, no passwords allowed.

This is a good time to disable other things: printer sharing, file sharing, etc.

Testing is important. Don't trust that GUI control panel or configuration file. Try to connect from another machine. Reboot and try to connect again.

I'm not saying that LISA is a dangerous conference to bring a laptop. Hacking on the network is forbidden. Other conferences actually encourage hacking (Blackhat, for example). Doing this kind of check is good hygiene. Like brushing your teeth.

Posted by Tom Limoncelli in Conferences

No TrackBacks

TrackBack URL: http://everythingsysadmin.com/cgi-bin/mt-tb.cgi/1056

2 Comments | Leave a comment

sudo lsof -i tcp
sudo lsof -i udp

Ensure you understand what every listening program does, and why it is there.

I think is bad practice log on as root, even in your own laptop, and root login should be disabled in ssh.

Leave a comment

 
LISA14 I'm Teaching button