Security Basics mailing list archives
Re: Leaving a door open?
From: slashboot <slashboot () gmail com>
Date: Fri, 27 May 2005 22:40:03 +0200
Hello, On 5/27/05, Emmanuel Goldstein <goldstein101 () gmail com> wrote:
Hi!
[..]
Is this secure??? Note that my admin password is really hard to guess, so im not concerned about bruteforce attacks.
Well, ssh is widely used for secure connections and bruteforce attacks won't work on strong passwords. Anyway, logguing as root is a bad idea, so you better log in as a normal user then, su to root. Disabling ssh root login gives you more protection. You can also limit the IP range that can connect to your ssh server in your configuration firewall. You can limit the number of connexion retries if your firewall has that featrure (iptable does). I think that a big security hole in ssh will lead to a very big mess on the planet ;)
Should I map ports so instead of opening 22 I access through (eg) 'ssh -p 7623'. That way is not that obvious i have an open ssh port is, it?
well you can hide things, but there are fingerprinting techniques (try nmap -sV -p 7623 on your localhost) that reveals the services + their version etc..
Is it better to just set up an ftp server?
No, ssh is much better. Ftp is a clear text protocol !! -- /boot
Current thread:
- Leaving a door open? Emmanuel Goldstein (May 27)
- Re: Leaving a door open? Diego Kellner (May 30)
- Re: Leaving a door open? Gonzalo Martinez (May 30)
- Re: Leaving a door open? Jonathan Loh (May 31)
- Re: Leaving a door open? Raphaƫl Rigo ML (May 30)
- Re: Leaving a door open? v3x (May 30)
- Re: Leaving a door open? Robert Perriero (May 30)
- Re: Leaving a door open? slashboot (May 30)
- Re: Leaving a door open? Ashish Popli (May 30)
- Re: Leaving a door open? J0ck3r (May 30)
- Re: Leaving a door open? Emmanuel Goldstein (May 30)
- Re: Leaving a door open? SandEr (May 30)
- <Possible follow-ups>
- Re: Leaving a door open? Nobody Special (May 30)