Re: Cisco PIX with SSH enabled on external port for maintenance

From: John Maher (john.e.maher_at_gmail.com)
Date: 11/15/05

  • Next message: Jon Gucinski: "RE: Password creating Theories"
    Date: Tue, 15 Nov 2005 15:49:07 -0500
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Chris Largret wrote:
    > If you DO allow access to SSH to the outside world, there are a few
    > things you can do to make it more secure:
    >
    > 1. Use a non-standard port
    > 2. Use only the strongest algorithms that SSH supports
    > 3. Change the passwords regularly
    > 4. Allow only strong passwords
    > 5. Limit which IP addresses can connect

    If feasible, I would recommend using public key authentication and
    disabling password authentication.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.1 (GNU/Linux)
    Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

    iD8DBQFDeknDuY7WcSII22oRAqCHAJ0cidbUKqRm4qUKzu/8buP/62haAgCcDJhf
    H7mx4DzKwoJz01a/R6gVN+M=
    =r+xe
    -----END PGP SIGNATURE-----


  • Next message: Jon Gucinski: "RE: Password creating Theories"

    Relevant Pages

    • Re: SSH hacked?
      ... Why use passwords at all with SSH? ... public key authentication is several orders of magnitude harder to crack ...
      (Ubuntu)
    • Re: SSH hacked?
      ... Why use passwords at all with SSH? ... public key authentication is several orders of magnitude harder to crack ... key authentication will protect you from brute force attacks on SSH. ...
      (Ubuntu)
    • Re: Setting up a secure shell server
      ... > the box with ssh using public key authentication only (possibly ... > including ip addresses), no passwords. ... > a whitepaper or how-to on setting up a secure shell server. ...
      (Focus-Linux)
    • Re: Bullies get into FireFox, and make a mess in F-14, way too easily, forcing me to DBAN the hd
      ... Are you running Firefox as root or as a normal user? ... Could the bullies know your passwords? ... Do these bullies have physical access to your PC? ... I dislike the default ssh server configuration on Fedora. ...
      (Fedora)
    • UPDATE Re: rlogin - security question [expanded to smartcard technology]
      ... explinations of ssh etc. ... 0-13-100092-6) with the words "The Official Sun Microsystems Resource ... place root / users cannot set/change passwords. ... > we are required to allow rlogin access to all by means of .rhosts files. ...
      (SunManagers)