From owner-freebsd-questions@FreeBSD.ORG  Thu May  8 21:11:06 2003
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id A569F37B401
	for <questions@freebsd.org>; Thu,  8 May 2003 21:11:06 -0700 (PDT)
Received: from alpha.yumyumyum.org (dsl092-171-091.wdc1.dsl.speakeasy.net
	[66.92.171.91])	by mx1.FreeBSD.org (Postfix) with ESMTP id D08F543F75
	for <questions@freebsd.org>; Thu,  8 May 2003 21:11:04 -0700 (PDT)
	(envelope-from culverk@yumyumyum.org)
Received: from alpha.yumyumyum.org (localhost [127.0.0.1])
	by alpha.yumyumyum.org (8.12.9/8.12.6) with ESMTP id h494A9MT066937;
	Fri, 9 May 2003 00:10:09 -0400 (EDT)
	(envelope-from culverk@yumyumyum.org)
Received: from localhost (culverk@localhost)h494A87t066934;
	Fri, 9 May 2003 00:10:08 -0400 (EDT)
	(envelope-from culverk@yumyumyum.org)
X-Authentication-Warning: alpha.yumyumyum.org: culverk owned process doing -bs
Date: Fri, 9 May 2003 00:10:08 -0400 (EDT)
From: Kenneth Culver <culverk@yumyumyum.org>
To: Daniela <dgw@liwest.at>
In-Reply-To: <200305090602.58610.dgw@liwest.at>
Message-ID: <20030509000921.P66401-100000@alpha.yumyumyum.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Spam-Status: No, hits=-8.6 required=5.0
	tests=IN_REP_TO,QUOTED_EMAIL_TEXT,QUOTE_TWICE_1,X_AUTH_WARNING
	version=2.53
X-Spam-Level: 
 X-Spam-Checker-Version: SpamAssassin 2.53 (1.174.2.15-2003-03-30-exp)
X-Spam-Checker-Version: SpamAssassin 2.53 (1.174.2.15-2003-03-30-exp)
cc: questions@freebsd.org
cc: Kirill Pisman <anyher@ngs.ru>
Subject: Re: Why is port 22 open by default?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 09 May 2003 04:11:06 -0000

> > D> I was just wondering:
> > D> Is SSH really so secure that it can be on by default?
> >
> > D> I'm really paranoid, and I could sleep better if the answer was yes :-)
> >
> > if you *REALY* paranoid  you can  juct  switch  your computer  off :)
> >
> > if you are  fully trust  your local area network there is  no  reaseon to
> > afraid (but passwords) , othervice there is  some  'pantom menace'
> > that  ssh could  de cracked by someone  , who will dump all the
> > connections to your  computer  all the  time
>
> Is there some way to prevent this?
>
SSH is fairly secure, but there is no 100% secure remote access solution.
That said, you should be fine with ssh enabled, I've had it enabled for
ages without problems, just make sure you pick a good password.

Ken