Re: tightening ssh

On Sat, Nov 19, 2005 at 10:41:52AM -0500, Tony Nelson wrote:

> Port obscurity is not much of a strategy.  Maybe the current scripts don't
> try other ports, but it would be simple enough to add a port scan and then
> probe all open ports.  Expect it.

The only "advantage" I see to a different port is a slightly reduced
performance impact from brute force attempts, and cleaner incidence
logs.

> I suggest one of the secure ways to set up SSH:  public key pair or
> encrypted passwords.  And only allow SSH 2.  Public key should be simple
> /enough/ to set up; your user would need to make a key with GPG and put the
> private key in the right place (I think man ssh tells where) and give you
> the public key to put in the right place.

Someone mentioned to me in passing the other day, that you can have sshd
require both a key, and password authentication.  Which sounds kind of
neat, because then you don't have to trust that the user has a password
on their key. :)

Cheers,
-danny

-- 
http://dannyman.toldme.com/
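
The key-plus-password requirement mentioned above is what the `AuthenticationMethods` directive expresses in OpenSSH 6.2 and later (`AuthenticationMethods publickey,password`). The following is an added example, not part of the original message: a small checker that reads sshd_config text and reports whether both factors are really enforced, including the case where a second method list quietly allows a key alone. The function names and sample configs are constructed for illustration.

```python
# Added example; the sample configs are constructed, not from the thread.
PASSWORD_METHODS = {"password", "keyboard-interactive"}

def global_settings(config_text):
    """Map global sshd_config keywords (lower-cased) to their values.

    sshd keeps the first value it reads for a keyword and treats keywords
    case-insensitively. Parsing stops at the first Match block (assumption:
    per-user/per-host overrides are out of scope for this check).
    """
    settings = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        if key == "match":
            break
        settings.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return settings

def requires_key_and_password(config_text):
    """True only if every AuthenticationMethods list needs both factors."""
    value = global_settings(config_text).get("authenticationmethods") or "any"
    for method_list in value.split():
        # Drop sub-method suffixes such as keyboard-interactive:pam.
        methods = {m.split(":", 1)[0] for m in method_list.split(",")}
        if "publickey" not in methods or not methods & PASSWORD_METHODS:
            return False  # completing this one list is enough to log in
    return True

BOTH = "Port 2222\nAuthenticationMethods publickey,password\n"
# Two lists: the second lets a key alone succeed, defeating the first.
EITHER = "AuthenticationMethods publickey,password publickey\n"
# No directive: the default 'any' accepts a single successful method.
DEFAULT = "PubkeyAuthentication yes\nPasswordAuthentication yes\n"

if __name__ == "__main__":
    for name, cfg in (("BOTH", BOTH), ("EITHER", EITHER), ("DEFAULT", DEFAULT)):
        print(name, requires_key_and_password(cfg))
```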

