Ubuntu server remote file access
Hal Burgiss
hal at burgiss.net
Fri Sep 27 19:04:51 UTC 2013
On Fri, Sep 27, 2013 at 11:28 AM, Kent Borg <kentborg at borg.org> wrote:
> On 09/27/2013 11:07 AM, Colin Law wrote:
>
>> I thought that if you used keys for authentication and have disabled
>> password access (as the OP has done), then ssh is effectively unbreakable.
>>
>
> Yes, but now you have shifted the risk to a new location: your private ssh
> key.
>
The only way to avoid all risk is to unplug.

> How do you protect it? I hope you have it encrypted, but what if someone
> gets ahold of the encrypted key?

Huh? Private keys are encrypted. But if you have the key, you have the key.

> Where do you keep this key file? How many copies exist? Have you deleted
> a copy of it? Can a deleted file be un-deleted?
>
I keep mine in the standard place so ssh can find it. What are we trying to
protect, Fort Knox? I've been doing this quite fine on multiple systems for
13/14 years. It's a good system for most use cases.

> If you have a traditional ssh password the only way to break it is to try
> it against the sshd and it will only let you try so many times a second, so
> much less entropy is needed in your key.
>
Key based authentication is "safe" enough for most use cases.

Simple precautions:
1. Use firewall based access where you can
2. Use something like fail2ban
3. Run ssh on non-standard port, if you are paranoid enough.
4. Run log monitoring software to know what's happening.
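
Added example, not part of the original message and not fail2ban's own code: the windowed failure counting behind precautions 2 and 4, run over constructed auth.log lines, which also lists how each successful login authenticated. The log layout, the sample addresses and the function name scan are assumptions; maxretry and findtime are named after fail2ban's settings.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the classic syslog auth.log layout (not real data).
SAMPLE_LOG = """\
Sep 27 19:00:01 srv sshd[1001]: Failed password for root from 203.0.113.5 port 40001 ssh2
Sep 27 19:00:03 srv sshd[1002]: Failed password for invalid user admin from 203.0.113.5 port 40002 ssh2
Sep 27 19:00:05 srv sshd[1003]: Invalid user test from 203.0.113.5
Sep 27 19:00:09 srv sshd[1004]: Accepted publickey for hal from 198.51.100.7 port 50022 ssh2
Sep 27 19:00:20 srv sshd[1005]: Failed password for root from 203.0.113.5 port 40003 ssh2
Sep 27 19:02:00 srv sshd[1006]: Failed password for hal from 192.0.2.44 port 41000 ssh2
Sep 27 19:30:00 srv sshd[1007]: Failed password for hal from 192.0.2.44 port 41001 ssh2
Sep 27 19:59:00 srv sshd[1008]: Failed password for hal from 192.0.2.44 port 41002 ssh2
"""

# Only final auth results are matched, so the "Invalid user" notice that
# accompanies a failed attempt is not counted as a second failure.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<kind>Failed password|Accepted publickey|Accepted password) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")

def scan(log_text, year=2013, maxretry=3, findtime=timedelta(minutes=10)):
    """Return (offenders, logins).

    offenders: ip -> time of the failure that reached maxretry inside findtime.
    logins: (user, ip, method) for every accepted authentication; on a
    key-only server any method other than "publickey" deserves a look.
    """
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    offenders, logins = {}, []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        if m["kind"].startswith("Accepted"):
            logins.append((m["user"], m["ip"], m["kind"].split()[1]))
            continue
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > findtime:  # drop failures older than findtime
            window.popleft()
        if len(window) >= maxretry and m["ip"] not in offenders:
            offenders[m["ip"]] = ts
    return offenders, logins
```

With the defaults, the three failures twenty seconds apart flag 203.0.113.5, while the three failures spread over an hour from 192.0.2.44 stay under the threshold until findtime is widened.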