Date:      Sun, 11 May 2003 00:41:39 +0000
From:      Daniela <dgw@liwest.at>
To:        William Palfreman <william@palfreman.com>
Cc:        Kirill Pisman <anyher@ngs.ru>
Subject:   Re: Why is port 22 open by default?
Message-ID:  <200305110041.39601.dgw@liwest.at>
In-Reply-To: <20030510122815.F79934@ndhn.yna.cnyserzna.pbz>
References:  <20030509000921.P66401-100000@alpha.yumyumyum.org> <200305101108.13319.dgw@liwest.at> <20030510122815.F79934@ndhn.yna.cnyserzna.pbz>

On Saturday 10 May 2003 11:52, William Palfreman wrote:
> On Sat, 10 May 2003, Daniela wrote:
> > > SSH is fairly secure, but there is no 100% secure remote access
> > > solution. That said, you should be fine with ssh enabled, I've had it
> > > enabled for ages without problems, just make sure you pick a good
> > > password.
> >
> > Sounds like SSH is secure enough for me. Or is a 19 character password
> > too short? :-)
>
> A word of caution here.  There have been plenty of previous releases of
> OpenSSH that have been cracked, often for reasons external to it, like
> the gzip compression library overflow, and more recent issues with
> OpenSSL.  Unless you really need cross-Internet access to a machine,
> don't enable ssh logins on an Internet facing server.  If you must have
> remote access from the Internet, consider using something more secure
> than passwords for authentication.  I use rsa/dsa key
> authentication only.  Even then, you must pay special attention to
> security announcements that affect OpenSSH.

Just one question: Why isn't rsa/dsa key authentication the default?
Is it hard to set up? Are there other drawbacks?
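
An added example, not part of the original message: a shell check of whether an sshd_config enforces the key-only authentication discussed in the quoted advice. The function names and the sample file are constructed for illustration; it assumes only the global section matters (parsing stops at the first Match line) and that Include files are not used.

```shell
#!/bin/sh
# Added example (not from the thread): does an sshd_config allow key logins only?
# Assumptions: only the global section is read (stops at the first Match line),
# Include files are not followed, keyword and value are whitespace-separated.

# effective_setting FILE KEYWORD_REGEX DEFAULT
# sshd keeps the first value it sees for a keyword; keywords are case-insensitive.
effective_setting() {
    awk -v key="$2" -v def="$3" '
        BEGIN { val = def }
        /^[ \t]*#/ { next }                      # skip comment lines
        tolower($1) == "match" { exit }          # conditional blocks not evaluated
        tolower($1) ~ ("^(" key ")$") { val = tolower($2); exit }
        END { print val }
    ' "$1"
}

# key_only_auth FILE: succeeds only if password-style logins are off and keys are on.
key_only_auth() {
    kbd='challengeresponseauthentication|kbdinteractiveauthentication'
    [ "$(effective_setting "$1" passwordauthentication yes)" = no ] &&
    [ "$(effective_setting "$1" "$kbd" yes)" = no ] &&
    [ "$(effective_setting "$1" pubkeyauthentication yes)" = yes ]
}

# Constructed sample: the later "yes" is ignored because the first value wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config fragment
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
passwordauthentication yes
EOF

if key_only_auth "$sample"; then
    echo "key-only: password logins are disabled"
else
    echo "password-style logins are still possible"
fi
rm -f "$sample"
```

A file that leaves PasswordAuthentication unset or commented out is reported as still allowing passwords, because the check treats the keyword's default as yes.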



