Posts: 336 | Thanked: 610 times | Joined on Apr 2008 @ France
#19
Originally Posted by ewan
There are hundreds of reasons to want to be able to SSH into your desktop - it's a fantastically useful thing to be able to do. If you set it up with only one username allowed to log in, and only with a key, you're pretty secure from would-be bad guys.

If you can do it this way, you should - it's great.
Actually, the "one username only makes it secure" is a myth. A username isn't a secret, and it shouldn't be treated as one. Yes, my username on my boxes is "slauwers". Yes, my boxes are exposed to the wild wild web.

Just disallow root logon and enforce PKI authentication. Has been discussed plenty of times.

Originally Posted by davost
Granted, ssh is very useful, I use it a lot. But I only have it enabled when and where I really need it. As a matter of fact you are not really safe. Just consider TLS. The foundation of almost all web security. That was considered safe until the renegotiation weakness was discovered not many months ago.
You're paranoid, good for you. Most people can't be bothered to turn sshd on and off the whole time -- it kinda defeats the purpose. SSH with PKI authentication is very secure. I can give you a few IPs, to you and the whole wide world, and I have no doubt no one would hack it by guessing my private key. Maybe an exploit in one of the cryptolibraries, but then again, that's a one-in-a-million event, and I really doubt my servers are of enough importance to warrant that kind of level of research.

There's a much bigger chance one of the gazillion other services you are running will have a leak, exploit or backdoor than SSH.

Oh, and for the record, he never said his desktop was exposed to the web -- wifi works in local too.
 

The Following User Says Thank You to CrashandDie For This Useful Post:
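
Added example, not part of the original post: a small audit of the global section of an `sshd_config` for the two settings the post recommends (no root login, key-only authentication). It assumes the OpenSSH defaults documented in sshd_config(5) and treats keyboard-interactive as a password path that must also be off; the sample config is constructed.

```python
# Added example, not from the original post. DEFAULTS are the OpenSSH defaults
# from sshd_config(5); WANTED is this example's reading of "no root, keys only".
DEFAULTS = {"permitrootlogin": "prohibit-password", "passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes", "pubkeyauthentication": "yes"}
WANTED = {"permitrootlogin": "no", "passwordauthentication": "no",
          "kbdinteractiveauthentication": "no", "pubkeyauthentication": "yes"}
# Deprecated spelling of the same option.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

# Constructed sample: the later "no" is ignored because the first value wins.
SAMPLE = """\
# constructed sample config
PasswordAuthentication yes
PermitRootLogin no
PasswordAuthentication no
"""


def effective_global(text):
    """Return (settings, has_match) for the global section of an sshd_config."""
    settings, has_match = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip().strip('"').lower() if len(parts) > 1 else ""
        if key == "match":
            has_match = True  # conditional overrides follow; not evaluated here
            break
        settings.setdefault(ALIASES.get(key, key), value)  # first value wins
    return settings, has_match


def audit(text):
    """List settings whose effective value differs from WANTED."""
    settings, has_match = effective_global(text)
    findings = [f"{key}: effective '{settings.get(key, DEFAULTS[key])}', want '{want}'"
                for key, want in WANTED.items()
                if settings.get(key, DEFAULTS[key]) != want]
    if has_match:
        findings.append("Match block present: review its overrides by hand")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check; `Include` files and `Match` overrides are not followed by this sketch.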