[clug] secure remote access method

Daniel Pittman daniel at rimspace.net
Fri Jun 19 03:26:31 GMT 2009


Hugh Fisher <hugh.fisher at anu.edu.au> writes:

> Never use port 22 ... ssh with port knocking ... tunnelling over http ...
>
> I find it somewhat disturbing that everybody is recommending increasing
> forms of security by obscurity and nobody has suggested actually working on
> making ssh - a FOSS project - more robust and bug free.

The issue in question is dealing with weak passwords, a social problem[1],
which is not hugely tractable to technical solutions.

That aside, the main reason no one talks about that is that the SSH
maintainers take security enormously seriously, so the discussion would run
something like this:

   "You should make OpenSSH more robust and bug free"
   "How do you propose we do that?"
   "Well, you could ..."
   "We do."
   "How about ...?"
   "We do."
   "What about ...?"
   "We do."

After all, you would be extremely hard-pressed to find a more security-focused
group of software maintainers than the core secure login technology of the
OpenBSD project, who have as their key selling point that they are secure.

Plus, finding someone more serious than Theo, who does keep an eye on the
OpenSSH stuff, would be ... challenging.

Regards,
        Daniel

Footnotes: 
[1]  ...which is why the "solutions" fall into two camps, one of "don't allow
     (static) password logins" and another of "obscure your SSH service".


