Why is port 22 open by default?
dgw at liwest.at
Sat May 10 15:42:18 PDT 2003
On Saturday 10 May 2003 11:52, William Palfreman wrote:
> On Sat, 10 May 2003, Daniela wrote:
> > > SSH is fairly secure, but there is no 100% secure remote access
> > > solution. That said, you should be fine with ssh enabled, I've had it
> > > enabled for ages without problems, just make sure you pick a good
> > > password.
> > Sounds like SSH is secure enough for me. Or is a 19 character password
> > too short? :-)
> A word of caution here. There have been plenty of previous releases of
> OpenSSH that have been cracked, often for reasons external to it, like
> the gzip compression library overflow, and more recent issues with
> OpenSSL. Unless you really need cross-Internet access to a machine,
> don't enable ssh logins on an Internet facing server. If you must have
> remote access from the Internet, consider using something more secure
> than than passwords for authentication. I use rsa/dsa key
> authentication only. Even then, you must pay special attention to
> security announcements that affect OpenSSH.
Just one question: Why isn't rsa/dsa key authentication the default?
Is it hard to set up? Are there other drawbacks?
More information about the freebsd-questions