SSH server authentication (was Re: Remaining DecTalk Issues in Speakup?)

Linux for blind general discussion blinux-list at
Tue Feb 1 16:48:09 UTC 2022

On Tue, 1 Feb 2022, Linux for blind general discussion wrote:

> And lastly on another topic, did something change involving ssh, as now if we 
> enable openssh server, any1 can login to my system without any 
> authentication. Obviously until we find out how to fix this, its turned off, 
> but maybe since last September Debian may have changed something.


YOu didn't say which version of openssh-server or even Debian that you are 
running, but unless you're running unstable, I doubt that anything was 
changed.  Certainly nothing has changed in Bullseye since September.

But a few things to be aware of:

1.  The configuration for the SSH server is /etc/ssh/sshd_config

2.  The Debian default used at least to allow root login. I always turn 
this off because I think it's asking for trouble.

If you have no root password (also a bad idea) and root login is allowed, 
anyone could log in as root without a password.

3.  You may want to consider requiring remote access using SSH keys.  This 
means that you can turn off password authentication altogether and only 
people with valid keys can log in.

4.  You might also want to consider using a non-default port.  Yes some 
people will eventually find you, but in my experience, you get much less 
noise by doing this.


More information about the Blinux-list mailing list