Thread: ssh root
8th April 2009
mwatkins

I like cleaner logs myself; hosts.allow or a firewall will give you that. Unless a hacker happens to be in the same block of IPs as my office or home, they won't be able to make a connection to port 22 or even be aware that it is there behind the wall.

Good point re public key vs password auth - I admit to just assuming no one would do otherwise.

One of the big web hosting sites is down right now - hacked, credit cards stolen, because (if I have the story straight) of a weak password the authors of vBulletin had on the system. The hacker destroyed database records; Webhostingtalk.com had just got back on its feet again more or less when today the hacker proved to them that he had credit card data from their servers. Down again.

Moral of the story: don't use weak passwords; don't use passwords if public key is a viable alternative; don't use the same password for your on-line community accounts as you do for managing services, servers, and software.

Last edited by mwatkins; 8th April 2009 at 12:29 AM.