Why is port 22 open by default?

Daniela dgw at liwest.at
Sat May 10 15:42:18 PDT 2003


On Saturday 10 May 2003 11:52, William Palfreman wrote:
> On Sat, 10 May 2003, Daniela wrote:
> > > SSH is fairly secure, but there is no 100% secure remote access
> > > solution. That said, you should be fine with ssh enabled, I've had it
> > > enabled for ages without problems, just make sure you pick a good
> > > password.
> >
> > Sounds like SSH is secure enough for me. Or is a 19 character password
> > too short? :-)
>
> A word of caution here.  There have been plenty of previous releases of
> OpenSSH that have been cracked, often for reasons external to it, like
> the gzip compression library overflow, and more recent issues with
> OpenSSL.  Unless you really need cross-Internet access to a machine,
> don't enable ssh logins on an Internet facing server.  If you must have
> remote access from the Internet, consider using something more secure
> than than passwords for authentication.  I use rsa/dsa key
> authentication only.  Even then, you must pay special attention to
> security announcements that affect OpenSSH.

Just one question: Why isn't rsa/dsa key authentication the default?
Is it hard to set up? Are there other drawbacks?




More information about the freebsd-questions mailing list