Mailinglist Archive: opensuse (1986 mails)

Re: [opensuse] Results of moving ssh to a high port - Zero scriptkiddies in a 24 hour period.
  • From: "Rajko M." <rmatov101@xxxxxxxxxxx>
  • Date: Sat, 29 Nov 2008 08:52:00 -0600
  • Message-id: <200811290852.00718.rmatov101@xxxxxxxxxxx>
On Saturday 29 November 2008 04:30:44 am G T Smith wrote:
Rajko M. wrote:
On Friday 28 November 2008 07:33:01 am G T Smith wrote:
I would agree, that if you have a regular need for ssh access from an
external location that this is the preferable authentication mechanism,
though a slight case of overkill for a small home network for mainly
internal use.

In any network it is more convenient to have keypair authentication, than
to type passwords all the time. One time more work and then enjoy.

I would generally prefer the password protected key option (to use the
key you have to authenticate with a password), which is same difference
in the latter context. The thing about household or computer keys (like
single socks, paper clips, and pens) is they can get lost, usually when
you most need them :-) . If the wrong person gets the lost key then you
could be toast if the key is not protected.

I was talking about private/public keypair and ssh access. Once you set up
computers that can talk to each other and exclude all others, you just
connect. It is some work to move public keys around, but once it is done you
need the procedure only when you buy a new computer, or a hard disk fails. Nothing
can get lost, as you have nothing to remember.


For private use I tend to prefer password entry plus blocks on external
firewall as I have very little call for external ssh access at the
moment. On the very rare occasions I think I will need it (once in the
last 12 months or so), I set up the port to be opened at external
firewall at a fixed time for a fixed time. (The key is in your head, and
if you lose that you have other things to worry about :-) ).

Sure, under some circumstances :-D
Under normal conditions, it is not so hard to trick yourself and forget an
easy-to-remember password. I did that a few times creating passwords for others.
Luckily I know more than one way to recover from that kind of problem,
otherwise it would be a real embarrassment.

What I would like to do is fix up some sort of single sign on, so one
authentication allows access to networked resources at a network level, but
unfortunately for *NIX this would be a major project (and getting this
to work with ssh, cups, apache and samba etc could be a major pain). So
one has one strong point of entry rather than several points of varying
strength.

It is a good idea, but as you said it involves some work and extra resources and
it has no justification in a home or small office setting.

If this requirement changes I will almost certainly implement something
better, but until this happens I have other things to do. YMMV

--
Regards, Rajko