>
> Make sure you use Public Key authentication and disable system
> password authentication. A lot of the SSH attacks are done by botnets.
> [...]
Disagree here. I am more worried about coworkers then script kiddies.
My coworkers know that I have ssh-agent running all the time, and
they know the vanity domain of my home server. It would take a
coworker less time to hack me then it takes for me to walk to the
kitchen and back. Since I am not religious about locking the screen
each time I walk away from the laptop, and because of the nature of
the kids I (used to) work with, I would never use public key on a
public facing interface.
But I should mention that I also got really sick of the script kiddie
login attempts, so I did my own homegrown solution. Since I have a
publicly accessible web server running on the gateway host, I created
a small ssl'd cgi script that, when invoked, adds the connecting ip
address to the /etc/hosts.allow file for the sshd service. Since it
is ssl'd, the web server password auth is not seen cleartext on the
wire. And since it is just opening up the ssh port, I don't worry
about having a strong auth password. It's worked pretty well for me
for several years now.
That said, I do enable PKI access when inside my firewall, so I have
mostly a false sense of security. With easily installable keyloggers
and with wifi access to the gooey center of my home network, there are
still easily accessible vectors for someone determined to get in...
-Tom
_______________________________________________
BLUG mailing list
BLUG@linuxfan.com
http://mailman.cs.indiana.edu/mailman/listinfo/blug
No comments:
Post a Comment