On Jul 24, 2004, at 1:37 PM, Michael Sullivan wrote:
I've been following the "Hack Attempts" thread and I've come to the conclusion that having my router route port 22 requests through to my server PC is not safe.
It's a whole lot safer than telnet and ftp. What in reality may not be "safe" are the practices of your users. One of the leading causes of intrusion is poor selection of passwords.
Here's my situation. I use my server PC for web
hosting and email. Most of my users access their accounts from outside
the router (my network is based in my apartment and my wife and I are
the only ones who use it here.) I don't users telnetting in because of
the security risk (I don't quite understand this, but I've read about it
in more than one place, so it's probably true), so I've enabled ssh so
that they can log in and change their passwords if need be.
Correct, telnet is not safe. Every single keystroke (including the username and password) pass over the wire in the clear. Anyone between the sites could potentially intercept and use that information to compromise your system(s). Anyone on the local network at either end could also observe the information passing on the wire. Using ssh is the only reasonable alternative there - it's encrypted.
They upload their web pages through FTP, supplying their username and password.
Bad move. Clear passwords. Use sftp. Plenty of sftp clients are available, many are even free.
