[sllug-members]: How does one properly implement OpenSSH?
Nathan Lane
nathamberlane at gmail.com
Tue Mar 25 08:14:39 MST 2008
That's true about the security through obscurity being a warm fuzzy blanket
- kinda the same feeling Windows XP gives you when you change the login name
for your administrator account :) Anyway I utilize strong passwords and
pass-phrases, so that shouldn't be a problem. The typing the port every
time isn't bothersome either, since I enjoy the command line, programming,
and other text-intensive computer related tasks (like scripting). Thanks
for the advice. Any advice for my username problem? If I own a domain, can
I just set my network on it? Or do I need a domain controller to do that
(I'm not well versed in domains yet).
On Tue, Mar 25, 2008 at 9:06 AM, Corey Edwards <tensai at zmonkey.org> wrote:
> On Tue, 2008-03-25 at 08:47 -0600, Jeff Schroeder wrote:
> > Perhaps. Many automated programs will attempt to make connections on
> > the standard port (22) and hack into your server with usernames ranging
> > from "root" to "webmaster" to "bob". Moving it to another port will
> > prevent many of those attacks, but of course you should already have
> > strong passwords. Moreover, changing ports is just security through
> > obscurity, which is a debatable approach.
>
> If you've got your system properly configured with good passwords then
> you've still got the issue of wasted resources handling all those failed
> login attempts, so moving the port isn't a bad idea IMHO. It also does
> buy you some real security because it makes finding your server one step
> harder, something that script kiddies aren't likely to do. That's
> valuable. If it's worth the trade-off of having to specify the port
> number when you connect, then go for it.
>
> The real problem with security through obscurity is when people use
> obscurity *alone* as their security. They treat their obscurity as a
> warm fuzzy blanket and ignore other aspects of their system. That's a
> Bad Idea(R).
>
> Corey
>
>
> ______________________________________________________________________
> See http://www.sllug.org/ for latest SLLUG news, information, links.
> Join SLLUG and other UT LUG members on irc.FreeNode.net channel #Utah
> sllug-members at sllug.org
> http://www.sllug.org/cgi-bin/mailman/listinfo/sllug-members
>
--
Nathan Lane
Home, http://www.nathandelane.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://sllug.org/pipermail/sllug-members/attachments/20080325/8b25e730/attachment.html
More information about the sllug-members
mailing list