Re: Is ssh not safe?

From: Mike Klinke (lsomike_at_futzin.com)
Date: 07/24/04

    To: For users of Fedora Core releases <fedora-list@redhat.com>
    Date: Sat, 24 Jul 2004 13:01:23 -0500
    
    

    On Saturday 24 July 2004 12:37, Michael Sullivan wrote:
    > I've been following the "Hack Attempts" thread and I've come to the
    > conclusion that having my router route port 22 requests through to
    > my server PC is not safe. Here's my situation. I use my server PC
    > for web hosting and email. Most of my users access their accounts
    > from outside the router (my network is based in my apartment and my
    > wife and I are the only ones who use it here.) I don't want users
    > telnetting in because of the security risk (I don't quite
    > understand this, but I've read about it in more than one place, so
    > it's probably true), so I've enabled ssh so that they can log in
    > and change their passwords if need be. They upload their web pages
    > through FTP, supplying their username and password. Spammers try to
    > use the mail server every day - I have to read about it in my daily
    > Logwatch, but I don't think they ever succeed. I should probably
    > keep a closer eye on the logs. Is there a way for users to change
    > their passwords through their FTP clients? Or is there a safer way
    > to allow them to change their passwords?

    You will have people trying to break in to any service you offer;
    telnet, ftp, ssh, smtp, etc, etc, etc...... If that service has
    username:password access then you will see people trying well known
    attacks in order to gain access. Some services customarily transmit
    usernames:passwords in clear text for anyone capturing data to see;
    ftp and telnet, for example. Some services offer the ability to
    configure for encrypted logins in order to make it much more
    difficult to capture and read; ssh and smtp, for example. In either
    case, once a user account name has been discovered, an account with an
    easy-to-guess password (any word found in a dictionary, for example)
    is easily cracked and your machine is at the mercy of the cracker at
    the other end of the connection.

    Regards, Mike Klinke
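
An added example, not part of the original message: one way to keep a closer eye on the logs for the password guessing described above. It assumes the usual OpenSSH sshd syslog wording; the sample lines, addresses, and the threshold of 3 are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the usual OpenSSH sshd syslog format (not from the post).
SAMPLE_LOG = """\
Jul 24 12:01:10 server sshd[2101]: Failed password for invalid user admin from 192.0.2.10 port 40122 ssh2
Jul 24 12:01:12 server sshd[2103]: Failed password for invalid user test from 192.0.2.10 port 40130 ssh2
Jul 24 12:01:15 server sshd[2105]: Failed password for root from 192.0.2.10 port 40141 ssh2
Jul 24 12:01:19 server sshd[2107]: Failed password for alice from 192.0.2.10 port 40150 ssh2
Jul 24 12:01:23 server sshd[2109]: Accepted password for alice from 192.0.2.10 port 40162 ssh2
Jul 24 12:05:40 server sshd[2130]: Failed password for bob from 198.51.100.7 port 51000 ssh2
Jul 24 12:05:52 server sshd[2132]: Accepted password for bob from 198.51.100.7 port 51004 ssh2
"""

LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def summarize(log_text, threshold=3):
    """Return (guessers, compromised).

    guessers: {ip: sorted usernames tried} for sources with >= threshold failures.
    compromised: sorted (ip, user) pairs where a source that had already reached
    the threshold then logged in with a password (a guessed weak password).
    """
    failures = defaultdict(list)
    compromised = set()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a password-auth line
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            failures[ip].append(user)
        elif len(failures[ip]) >= threshold:
            compromised.add((ip, user))
    guessers = {ip: sorted(set(users))
                for ip, users in failures.items() if len(users) >= threshold}
    return guessers, sorted(compromised)

if __name__ == "__main__":
    guessers, compromised = summarize(SAMPLE_LOG)
    for ip, users in guessers.items():
        print(f"{ip}: repeated failures against {', '.join(users)}")
    for ip, user in compromised:
        print(f"CHECK ACCOUNT: {user} logged in from {ip} after repeated failures")
```

A single failure followed by a success (bob in the sample) is treated as a mistyped password and not flagged.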
