On Sat, 29 Dec 2007 06:24:26 -0700 Karl Larsen <k5di@xxxxxxxxxx> wrote: > From my own experience I learned you need to use real good passwords > on EVERYTHING. I thought my user password was safe because no one can > get to that. WRONG. A ssh connection can use your weak user password to > get in. > > So use passwords that include letters upper and lower case and > numbers. Then sleep well at night. Better solution: Specify only the usernames and IP addresses allowed to log in through ssh in /etc/ssh/sshd_config Disallow password logins completely in /etc/ssh/sshd_config and use keys instead. Add the appropriate entries to /etc/hosts.allow and /etc/hosts.deny to deny remote access to ssh (and all other services) -- MELVILLE THEATRE ~ Melville Sask ~ http://www.melvilletheatre.com
