RE: SSH Security

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: "'For users of Fedora Core releases'" <fedora-list@xxxxxxxxxx>
Subject: RE: SSH Security
From: "STYMA, ROBERT E (ROBERT)" <stymar@xxxxxxxxxx>
Date: Wed, 7 Dec 2005 08:35:52 -0600
List-help: <mailto:[email protected]?subject=help>
List-id: For users of Fedora Core releases <fedora-list.redhat.com>
List-post: <mailto:[email protected]>
List-subscribe: <https://www.redhat.com/mailman/listinfo/fedora-list>, <mailto:[email protected]?subject=subscribe>
List-unsubscribe: <https://www.redhat.com/mailman/listinfo/fedora-list>, <mailto:[email protected]?subject=unsubscribe>
Reply-to: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>

> Key based authentication is the right way to go.  You should disable
> root ssh access completely.  
> 

Key based authentication is good, but there is one caveat.  Straight
key based allows you to log in directly without typing a password.
If you are ssh'ing from work to home from a UNIX machine, any sys-admin
with the root password on your work machine can become you and then
ssh to your home machine as you with no password.  Maybe you don't care
if your sysadmin is dinking around in your home machine and maybe you do.

I am not saying not to use key based authentication, but it is not a 
cure all.  

Bob Styma

Follow-Ups:
- RE: SSH Security
  - From: Scot L. Harris
- Re: SSH Security
  - From: Alexander Dalloz

Prev by Date: Re: saslauthd startup fails
Next by Date: Re: Problem with Apache on FC3(2nd Time Post)
Previous by thread: Re: SSH Security
Next by thread: Re: SSH Security
Index(es):
- Date
- Thread

[Index of Archives] [Current Fedora Users] [Fedora Desktop] [Fedora SELinux] [Yosemite News] [Yosemite Photos] [KDE Users] [Fedora Tools] [Fedora Docs]