[wellylug] Securing my ssh box

Andrej andrej at paradise.net.nz
Wed Aug 23 06:09:46 NZST 2006


On Wednesday 23 August 2006 00:29, Hong Chyr wrote:
> Hi all
Hi Hong!


> I'm trying to secure my linux box, accessible via ssh by using
> public key authentication. I read in an article that by
> enabling public key auth and disabling password auth, it will
> secure the ssh access.
>
> Is that all I need to worry about? Any opinions about whether
> this is the right /wrong thing to secure a ssh server?
It will obviously depend on how securely the keys (if used 
without a pass-phrase) are stored.
Anyone who can gain access to those can gain access to your
machine.  Personally I think it's debatable whether a key on
a portable device (e.g. a laptop) when used without a pass-phrase
is more secure than a good password.  If you're using an
ssh-agent plus a pass-phrase it should be sane enough as long
as the machine(s) from which you connect isn't (aren't)
accessible without a high-quality password.


> Cheers
> Hong
Cheers,
Andrej

-- 
A: because it messes up threading
Q: why should I not reply by top-posting?
A: No.
Q: Should I include quotations after my reply?




More information about the wellylug mailing list