Re: SSH attack
From: Marty (martyb_at_ix.netcom.com)
Date: 10/11/05
- Previous message: [KS]: "Re: dist-upgrade wierdness"
- In reply to: *** Davies: "Re: SSH attack"
- Next in thread: Ritesh Raj Sarraf: "Re: SSH attack"
- Reply: Ritesh Raj Sarraf: "Re: SSH attack"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Tue, 11 Oct 2005 14:47:48 -0400
To: Debian User <debian-user@lists.debian.org>

*** Davies wrote:
> On 11/10/05, Marty <martyb@ix.netcom.com> wrote:
>
>> If your machines are all exposed to the internet or to an insecure
>> LAN, then I don't see how you can safely use ssh at all. I would
>> never attempt such a thing, so you are much braver than I.
>>
>> What I would do instead is limit ssh logins to a single heavily
>> scrutinized, stripped and locked down, dedicated (internet) ssh server,
>> which would be manually activated (maybe remotely) for each ssh
>> use, and turned off at all other times.
>
> 'maybe remotely' - aren't you just pushing back the problem?

Yes, it replaces one security headache with another, but having
remote out-of-band access may be useful for other reasons, and
therefore worth the risk.

I first got the idea from ISPs which allow remote control of customer
servers for reboots or maintenance.

For example, I might use a modem on a system with no LAN connection,
controlling an X-10 network. Then hopefully the worst damage an
intruder could do is reboot or power off the servers.