[clug] secure remote access method

Daniel Pittman daniel at rimspace.net
Fri Jun 19 03:28:03 GMT 2009


Michael Cohen <scudette at gmail.com> writes:
> On Fri, Jun 19, 2009 at 10:52 AM, Adam Thomas<adam.lloyd at gmail.com> wrote:
>> 2009/6/19 Hugh Fisher <hugh.fisher at anu.edu.au>:
>
>> ...or making sure your shell account passwords are secure.
>
> As a matter of course, you should never allow password access anyway:
> PasswordAuthentication no
>
> This is a must on any SSH server (I think it's the default now?).  Passwords
> are generally only useful for console access.

Actually, this just pushes the problem out to the leaf: now you have a
password that matters for access, but it lives distributed on each client
machine rather than centralized on your server.

Is this better for security?  That depends entirely on your threat model...

...but I know from where I sit, more compromised Windows clients turn up than
compromised Unix servers. :)

Regards,
        Daniel

A trojan that steals SSH credentials and login history?  Trivial.
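
Added example, not part of the original post: with `PasswordAuthentication no` on the server, the secret that matters is the key passphrase on each client, so this sketch classifies private key files as passphrase-encrypted or plaintext from their headers alone. The function names and the sample keys are constructed for illustration and contain no real key material.

```python
import base64
import re
import sys
from pathlib import Path

OPENSSH_MAGIC = b"openssh-key-v1\x00"
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]*PRIVATE KEY)-----(.*?)-----END \1-----", re.S)

def read_string(buf, off):
    """Read one SSH wire-format string: uint32 big-endian length, then bytes."""
    n = int.from_bytes(buf[off:off + 4], "big")
    return buf[off + 4:off + 4 + n]

def key_protection(text):
    """Classify private-key file text as 'encrypted', 'plaintext' or 'unknown'."""
    m = PEM_RE.search(text)
    if not m:
        return "unknown"                      # not a private key (e.g. a .pub file)
    label, body = m.groups()
    if label == "ENCRYPTED PRIVATE KEY":      # PKCS#8, always passphrase-protected
        return "encrypted"
    if label == "OPENSSH PRIVATE KEY":        # cipher name follows the magic string
        try:
            blob = base64.b64decode("".join(body.split()))
        except ValueError:
            return "unknown"
        if not blob.startswith(OPENSSH_MAGIC):
            return "unknown"
        cipher = read_string(blob, len(OPENSSH_MAGIC))
        if not cipher:
            return "unknown"
        return "plaintext" if cipher == b"none" else "encrypted"
    # Legacy PEM (RSA/DSA/EC): encryption is declared in a Proc-Type header
    return "encrypted" if "Proc-Type: 4,ENCRYPTED" in body else "plaintext"

def constructed_openssh_key(cipher):
    """Constructed header-only sample (no key material) for demonstration."""
    s = lambda b: len(b).to_bytes(4, "big") + b
    blob = OPENSSH_MAGIC + s(cipher) + s(b"none" if cipher == b"none" else b"bcrypt")
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + base64.b64encode(blob).decode()
            + "\n-----END OPENSSH PRIVATE KEY-----\n")

# Constructed legacy-format sample: headers only, placeholder body
CONSTRUCTED_LEGACY_ENCRYPTED = (
    "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-128-CBC,00000000000000000000000000000000\n\n"
    "AAAA\n-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    ssh_dir = Path(sys.argv[1]) if len(sys.argv) > 1 else Path.home() / ".ssh"
    for f in sorted(p for p in ssh_dir.glob("*") if p.is_file()):
        state = key_protection(f.read_text(errors="replace"))
        if state != "unknown":
            print(f"{state:10} {f}")
```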

