Re: Leaving a door open?

From: Diego Kellner (dkepler_at_gmail.com)
Date: 05/27/05

  • Next message: Doug.Janelle_at_Thermo.com: "Re: Linking Password Length to Write-down probability" 
    Date: Fri, 27 May 2005 13:31:19 -0300
To: security-basics@securityfocus.com

    Emmanuel,
    I've used this in the past and I consider it secure (much more than
    leaving FTP open), as long as you keep up to date with your SSH
    server, use SSH2 and have a strong password (I'd recommend
    certificates if you access your computer from the same clients). SSH
    gives you the ability tu tunnel other not-so-secure applications like
    VNC, so you can actually have full control of your computer from the
    outside.
    Changing the port could help prevent automated attacks on SSH (you'll
    probably get a few login attempts a week), but wouldn't stop a
    determined attacker from finding out where your SSH is running (as
    simple as running NMAP -v).
    Regards,
    Diego

    On 5/27/05, Emmanuel Goldstein <goldstein101@gmail.com> wrote:
    > Hi!
    >
    > My ISP gives me a static Ip and I was thinking about leaving the SSH
    > port open so I can access my computer from anywhere since i always
    > have it switched on.
    >
    > I have a linux box that is integrated in my home Lan, and a router
    > with firewall capabilities.
    >
    > Is this secure??? Note that my admin password is really hard to guess,
    > so im not concerned about bruteforce attacks.
    >
    > Should I map ports so instead of opening 22 I access through (eg) 'ssh
    > -p 7623'. That way is not that obvious i have an open ssh port is, it?
    >
    > Any other security issues i should be concerned about?
    > Is this a good idea?
    > Is it better to just set up an ftp server?
    >
    >
    > Thanks for your help. Cheers. Bye.
    >

  • Next message: Doug.Janelle_at_Thermo.com: "Re: Linking Password Length to Write-down probability"

    Relevant Pages

    • Re: [Full-disclosure] Why Vulnerability Databases cant do everything
      ... best to relegate programming to a ... is a big difference between these two views of information security. ... but not nearly as important as designing secure systems. ... My favorite example to illustrate this point - ssh. ...
      (Bugtraq)
    • Questions on secure remote access to Fedora Core 2
      ... I am somewhat new to Internet security solutions in general and Linux ... I am setting up a server with Fedora Core 2 (there are specific reasons ... What is the most secure method I can use to give these individuals access ... under ssh. ...
      (comp.os.linux.security)
    • Re: How Can I use ssh in my perl code
      ... ssh is a secure replacement for rlogin/telnet. ... database connections. ... perl script through ssh. ...
      (perl.dbi.users)
    • Re: 9.1 Install: Holes in Security in Default install
      ... ssh is better known as the "secure shell". ... instead of "-a" to see network addresses and port numbers rather than ... > With Mandrake I was given the option at install to close all these ports, ...
      (alt.os.linux.suse)
    • Re: RE: Telnet/SSL v SSH
      ... My real question is which is better to secure the communication between them. ... I'm interested in authentication and non-repudiation if possible. ... >nearly the same robustness as SSH from the perspective of Authentication, ...
      (Security-Basics)