SSH server authentication (was Re: Remaining DecTalk Issues in Speakup?)
Linux for blind general discussion
blinux-list at redhat.com
Tue Feb 1 16:48:09 UTC 2022
On Tue, 1 Feb 2022, Linux for blind general discussion wrote:
> And lastly on another topic, did something change involving ssh, as now if we
> enable openssh server, any1 can login to my system without any
> authentication. Obviously until we find out how to fix this, its turned off,
> but maybe since last September Debian may have changed something.
YOu didn't say which version of openssh-server or even Debian that you are
running, but unless you're running unstable, I doubt that anything was
changed. Certainly nothing has changed in Bullseye since September.
But a few things to be aware of:
1. The configuration for the SSH server is /etc/ssh/sshd_config
2. The Debian default used at least to allow root login. I always turn
this off because I think it's asking for trouble.
If you have no root password (also a bad idea) and root login is allowed,
anyone could log in as root without a password.
3. You may want to consider requiring remote access using SSH keys. This
means that you can turn off password authentication altogether and only
people with valid keys can log in.
4. You might also want to consider using a non-default port. Yes some
people will eventually find you, but in my experience, you get much less
noise by doing this.
More information about the Blinux-list