From owner-freebsd-questions@FreeBSD.ORG Tue Jun 23 06:38:52 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6886A106564A for ; Tue, 23 Jun 2009 06:38:52 +0000 (UTC) (envelope-from wojtek@wojtek.tensor.gdynia.pl) Received: from wojtek.tensor.gdynia.pl (wojtek.tensor.gdynia.pl [IPv6:2001:4070:101:2::2]) by mx1.freebsd.org (Postfix) with ESMTP id 97D0E8FC0C for ; Tue, 23 Jun 2009 06:38:51 +0000 (UTC) (envelope-from wojtek@wojtek.tensor.gdynia.pl) Received: from wojtek.tensor.gdynia.pl (localhost [IPv6:::1]) by wojtek.tensor.gdynia.pl (8.14.3/8.14.3) with ESMTP id n5N6ch75054873; Tue, 23 Jun 2009 08:38:44 +0200 (CEST) (envelope-from wojtek@wojtek.tensor.gdynia.pl) Received: from localhost (wojtek@localhost) by wojtek.tensor.gdynia.pl (8.14.3/8.14.3/Submit) with ESMTP id n5N6cgvl054870; Tue, 23 Jun 2009 08:38:43 +0200 (CEST) (envelope-from wojtek@wojtek.tensor.gdynia.pl) Date: Tue, 23 Jun 2009 08:38:40 +0200 (CEST) From: Wojciech Puchar To: Daniel Underwood In-Reply-To: Message-ID: References: User-Agent: Alpine 2.00 (BSF 1167 2008-08-23) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII Cc: freebsd-questions@freebsd.org Subject: Re: Best practices for securing SSH server X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Jun 2009 06:38:52 -0000 > connection, it's a relatively high-risk target. > > What are some good practices for securing this SSH server. Is using a > stored key safer than a password in this instance? I have no If your password is not trivial, then it is secure. using RSA/DSA keys is as good, if you are sure nobody will get it from your laptop. i use keyfiles on every place i have to use ssh regularly.