Re: Leaving a door open?

[slashboot <slashboot () gmail com>]

Hello,

On 5/27/05, Emmanuel Goldstein <goldstein101 () gmail com> wrote:
> Hi!
[..]
> Is this secure??? Note that my admin password is really hard to guess,
> so im not concerned about bruteforce attacks.

Well, ssh is widely used for secure connections and bruteforce attacks
won't work on strong passwords. Anyway, logguing as root is a bad
idea, so you better log in as a normal user then, su to root.
Disabling ssh root login gives you more protection.
You can also limit the IP range that can connect to your ssh server in
your configuration firewall. You can limit the number of connexion
retries if your firewall has that featrure (iptable does).

I think that a big security hole in ssh will lead to a very big mess
on the planet ;)

> Should I map ports so instead of opening 22 I access through (eg) 'ssh
> -p 7623'. That way is not that obvious i have an open ssh port is, it?

well you can hide things, but there are fingerprinting techniques (try
nmap -sV -p 7623 on your localhost) that reveals the services + their
version etc..
 
> Is it better to just set up an ftp server?

No, ssh is much better. Ftp is a clear text protocol !!

-- 
/boot