Is ssh not safe?
Mike Klinke
lsomike at futzin.com
Sat Jul 24 18:01:23 UTC 2004
On Saturday 24 July 2004 12:37, Michael Sullivan wrote:
> I've been following the "Hack Attempts" thread and I've come to the
> conclusion that having my router route port 22 requests through to
> my server PC is not safe. Here's my situation. I use my server PC
> for web hosting and email. Most of my users access their accounts
> from outside the router (my network is based in my apartment and my
> wife and I are the only ones who use it here.) I don't users
> telnetting in because of the security risk (I don't quite
> understand this, but I've read about it in more than one place, so
> it's probably true), so I've enabled ssh so that they can log in
> and change their passwords if need be. They upload their web pages
> through FTP, supplying their username and password. Spammers try to
> use the mail server every day - I have to read about it in my daily
> Logwatch, but I don't think they ever succeed. I should probably
> keep a closer eye on the logs. Is there a way for users to change
> their passwords through their FTP clients? Or is there a safer way
> to allow them to change their passwords?
You will have people trying to break in to any service you offer;
telnet, ftp, ssh, smtp, etc, etc, etc...... If that service has
username:password access then you will see people trying well known
attacks in order to gain access. Some services customarily transmit
usernames:passwords in clear text for anyone capturing data to see;
ftp and telnet, for example. Some services offer the ability to
configure for encrypted logins in order to make it much more
difficult to capture and read; ssh and smtp, for example. In either
case, once a user account name has been discovered an account with an
easy to guess password (any word found in a dictionary, for example)
is easily cracked and your machine is at the mercy of the cracker at
the other end of the connection.
Regards, Mike Klinke
More information about the fedora-list
mailing list