Re: Leaving a door open?

[Nobody Special <harmless () owbn org>]

Emmanuel Goldstein wrote:
> Is this secure??? Note that my admin password is really hard to guess,
> so im not concerned about bruteforce attacks.
--------------------
My first suggestion would be to disable root logins via ssh.
Login with your user account and do any root level work via sudo or su.

If you allow root access remotely you have already made an attackers job that
much easier.  Now they don't have to bother to figure out a valid username for
the start of a brute force attack.
--------------------
> Should I map ports so instead of opening 22 I access through (eg) 'ssh
> -p 7623'. That way is not that obvious i have an open ssh port is, it?
--------------------
Depends on the scanning software being used, if the port responds to connection
attempts with negotiating a shared secret key well there is a good chance that
SSH is running on that port.
--------------------
> Any other security issues i should be concerned about?
--------------------
See the comment about remote root logins above
--------------------
> Is this a good idea?
--------------------
Is using SSH to do remote work a good idea?  It's a better idea than many other
possibilities.  If you need to work remotely it is a valid and useful tool.

If you don't need to work remotely, it's a potential hole for someone to exploit.
--------------------
> Is it better to just set up an ftp server?
--------------------
Not if you are interested in security for the files and your passwords.

Enjoy

--