From: William Palfreman
To: Daniela
Cc: Kenneth Culver, questions@freebsd.org, Kirill Pisman
Date: Sat, 10 May 2003 12:52:17 +0100 (BST)
Subject: Re: Why is port 22 open by default?

On Sat, 10 May 2003, Daniela wrote:

> > SSH is fairly secure, but there is no 100% secure remote access solution.
> > That said, you should be fine with ssh enabled, I've had it enabled for
> > ages without problems, just make sure you pick a good password.
>
> Sounds like SSH is secure enough for me. Or is a 19 character password too
> short? :-)

A word of caution here.
There have been plenty of previous releases of OpenSSH that have been cracked, often for reasons external to it, like the gzip compression library overflow, and more recent issues with OpenSSL. Unless you really need cross-Internet access to a machine, don't enable ssh logins on an Internet-facing server. If you must have remote access from the Internet, consider using something more secure than passwords for authentication. I use rsa/dsa key authentication only. Even then, you must pay special attention to security announcements that affect OpenSSH.

-- 
W. Palfreman.          I'm looking for a job. Read my CV at:
Tel: 0771 355 0354     www.palfreman.com/william/cv-wfp2.html
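The key-only setup recommended in the message above can be checked mechanically. The following is an added example, not part of the original message: a small auditor for `sshd_config` text that reports every setting still allowing password-based logins. The sample configuration is constructed, and the defaults are OpenSSH's as assumed by this example.

```python
import re

# Values required for key-only logins. DEFAULTS is what sshd applies when a
# keyword is absent (OpenSSH defaults, an assumption of this example).
REQUIRED = {"passwordauthentication": "no",
            "kbdinteractiveauthentication": "no", "pubkeyauthentication": "yes"}
DEFAULTS = dict.fromkeys(REQUIRED, "yes")
# Deprecated keyword that newer OpenSSH treats as KbdInteractiveAuthentication.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
# Constructed sample configuration, not taken from the original message.
SAMPLE = """\
PasswordAuthentication no
passwordauthentication yes
ChallengeResponseAuthentication yes
Match Address 192.0.2.0/24
    PasswordAuthentication yes
"""

def parse(text):
    """Return (global settings, Match blocks). Include files are not followed.
    Keywords are case-insensitive; 'Key value' and 'Key=value' are both read."""
    global_cfg, blocks = {}, []
    current = global_cfg
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1] if len(parts) > 1 else ""
        if key == "match":
            current = {}
            blocks.append((value, current))
        else:
            current.setdefault(key, value)  # the first value obtained wins
    return global_cfg, blocks

def audit(text):
    """List the settings that still permit password-based logins."""
    global_cfg, blocks = parse(text)
    findings = []
    for key, want in REQUIRED.items():
        have = global_cfg.get(key, DEFAULTS[key])
        if have != want:
            findings.append(f"global: {key} is {have!r}, want {want!r}")
    for cond, cfg in blocks:
        for key, want in REQUIRED.items():
            if key in cfg and cfg[key] != want:
                findings.append(f"Match {cond}: {key} is {cfg[key]!r}, want {want!r}")
    return findings
```

`audit(SAMPLE)` reports two findings: keyboard-interactive is still enabled globally, and the `Match` block turns passwords back on for one address range. On a live host, `sshd -T` prints the effective configuration and is the authoritative check.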