Security Basics mailing list archives

Re: Cisco PIX with SSH enabled on external port for maintenance

From: John Maher <john.e.maher () gmail com>
Date: Tue, 15 Nov 2005 15:49:07 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Chris Largret wrote:

If you DO allow access to SSH to the outside world, there are a few
things you can do to make it more secure:

1. Use a non-standard port
2. Use only the strongest algorithms that SSH supports
3. Change the passwords regularly
4. Allow only strong passwords
5. Limit which IP addresses can connect


If feasible, I would recommend using public key authentication and
disabling password authentication.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFDeknDuY7WcSII22oRAqCHAJ0cidbUKqRm4qUKzu/8buP/62haAgCcDJhf
H7mx4DzKwoJz01a/R6gVN+M=
=r+xe
-----END PGP SIGNATURE-----

Current thread:

Cisco PIX with SSH enabled on external port for maintenance Cam Fischer (Nov 10)
- Re: Cisco PIX with SSH enabled on external port for maintenance Alloishus BeauMains (Nov 15)
- Re: Cisco PIX with SSH enabled on external port for maintenance Chris Largret (Nov 15)
  - Re: Cisco PIX with SSH enabled on external port for maintenance John Maher (Nov 16)
    - Re: Cisco PIX with SSH enabled on external port for maintenance Alloishus BeauMains (Nov 17)
    - Re: Cisco PIX with SSH enabled on external port for maintenance Cory Stoker (Nov 21)
    - Re: Cisco PIX with SSH enabled on external port for maintenance Alloishus BeauMains (Nov 21)
- Re: Cisco PIX with SSH enabled on external port for maintenance John Maher (Nov 15)
- <Possible follow-ups>
- Re: Cisco PIX with SSH enabled on external port for maintenance Steve.Cummings (Nov 15)
  - ActivX execution with PowerUser Privilege Marco Spennato (Nov 16)
  - Re: Cisco PIX with SSH enabled on external port for maintenance Cory Stoker (Nov 16)