----- Original Message -----
From: "Michael Sullivan" <michael@xxxxxxxxxxxxxxxx>
To: <fedora-list@xxxxxxxxxx>
Sent: Saturday, 24 July, 2004 19:37
Subject: Is ssh not safe?

> I've been following the "Hack Attempts" thread and I've come to the
> conclusion that having my router route port 22 requests through to my
> server PC is not safe. Here's my situation. I use my server PC for web
> hosting and email. Most of my users access their accounts from outside
> the router (my network is based in my apartment and my wife and I are
> the only ones who use it here.) I don't want users telnetting in because of
> the security risk (I don't quite understand this, but I've read about it
> in more than one place, so it's probably true), so I've enabled ssh so
> that they can log in and change their passwords if need be. They upload
> their web pages through FTP, supplying their username and password.
> Spammers try to use the mail server every day - I have to read about it
> in my daily Logwatch, but I don't think they ever succeed. I should
> probably keep a closer eye on the logs. Is there a way for users to
> change their passwords through their FTP clients? Or is there a safer
> way to allow them to change their passwords?

I think SSH is safe enough with its encryption. (Of course, everything can eventually be cracked.)

The main reason you should not use telnet over the internet is that its passwords are sent unencrypted and are therefore easier to capture by anyone who is able to access the network with a sniffer.

Reading the logs is something a good system administrator really should do every day, taking action where necessary.

Users cannot change their passwords with the FTP client as far as I know, but you could set a timeframe for them to have to change their password, e.g. every 12 weeks.

Edwin
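The 12-week password change interval suggested in the reply can be audited against the shadow file. The following is an added example, not part of the original message: the function name `audit_password_age` and the sample accounts are constructed for illustration, and the input is assumed to be in the standard `/etc/shadow` field layout.

```shell
#!/bin/sh
# Audit shadow-format lines for accounts whose maximum password age
# is missing or longer than a limit (84 days = 12 weeks).
# Field layout: name:hash:lastchg:min:max:warn:inactive:expire:reserved

audit_password_age() {
    # $1 = limit in days; shadow-format lines are read from stdin
    awk -F: -v limit="$1" '
        # Skip locked accounts (hash field starts with "!" or "*")
        $2 ~ /^[!*]/ { next }
        # An empty max field means no aging is enforced at all
        $5 == "" { print $1 ": no maximum age set"; next }
        # A max field above the limit (99999 is the usual "never" default)
        ($5 + 0) > limit { print $1 ": maximum age " $5 " days exceeds " limit }
    '
}

# Constructed sample data (hypothetical accounts, placeholder hashes)
sample_shadow() {
    cat <<'EOF'
root:$6$constructed$hash:12600:0:99999:7:::
alice:$6$constructed$hash:12600:0:84:7:::
bob:$6$constructed$hash:12600:0::7:::
daemon:*:12600:0:99999:7:::
carol:$6$constructed$hash:12600:0:180:7:::
EOF
}

# Report every sample account that does not meet the 12-week policy
sample_shadow | audit_password_age 84
```

On a real system the function would be fed `/etc/shadow` as root, and a flagged account can be brought into line with `chage -M 84 username`.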