Re: Changing SSH and Apache ports

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 12/16/05, Scot L. Harris <webid@xxxxxxxxxx> wrote:
> On Fri, 2005-12-16 at 11:54, Dotan Cohen wrote:
>
> > I just spent a few minutes googling the subject, and it appears that
> > apache, mail, etc dont have passwords at all. So why do they bother
> > trying to SSH in on those names? Or will the root password let them in
> > (I'd try it before I ask, but I'm not home now and the machine is
> > behind a new router that I haven't configured for port forwarding
> > yet)?
>
> They are looking for any valid user id on the system that MIGHT have had
> a password set.  Shotgun approach, hit them all and maybe one of them
> might work.
>
> >
> > If root is disabled from logging in via ssh, and I only have one other
> > real user on the system (who I WANT to let in), then is there no real
> > reason to use AllowUsers?
> >
>
> specifying the specific user by AllowUsers is best practice.  If someone
> did set a password on one of those other accounts this would prevent it
> from being used for ssh access.
>
> > Also, if I post something here that I copied from the command line, like:
> > [sharon@localhost] $
> >
>
> > is this insecure? Because that is saying "Here! Use user 'sharon' to
> > SSH me!". Should I be more careful in the future with that?
>
> Not a bad idea.
>

Really? I think that I'm now convinced to use keys and not even
passwords. I'm starting to feel that SSH is just not secure. I know
that it is if it is properly buttoned down, so I will certainly button
it down.

Thanks for all the useful info. Just keeping the machine safe...

Dotan Cohen
http://technology-sleuth.com/technical_answer/what_is_a_router.html


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux