Is ssh not safe?

Colin Paul Adams colin at colina.demon.co.uk
Sat Jul 24 18:10:08 UTC 2004


>>>>> "Michael" == Michael Sullivan <michael at espersunited.com> writes:

    Michael> I've been following the "Hack Attempts" thread and I've
    Michael> come to the conclusion that having my router route port
    Michael> 22 requests through to my server PC is not safe.  Here's
    Michael> my situation.  I use my server PC for web hosting and
    Michael> email.  Most of my users access their accounts from
    Michael> outside the router (my network is based in my apartment
    Michael> and my wife and I are the only ones who use it here.)  I
    Michael> don't want users telnetting in because of the security risk (I
    Michael> don't quite understand this, but I've read about it in
    Michael> more than one place, so it's probably true), so I've
    Michael> enabled ssh so that they can log in and change their
    Michael> passwords if need be.  They upload their web pages
    Michael> through FTP, supplying their username and password.
    Michael> Spammers try to use the mail server every day - I have to
    Michael> read about it in my daily Logwatch, but I don't think
    Michael> they ever succeed.  I should probably keep a closer eye
    Michael> on the logs.  

Ssh is as safe as you can get.
If you edit sshd_config, you can turn off password and
challengeresponse authorization, and only allow public key access.
And you can specify exactly which users are allowed to log in through
ssh.

If you do this, then such hacking attempts are doomed to failure -
even if they can guess an allowed user-id, and password, then they
still can't log in - unless they somehow manage to edit the
.ssh/authorized_keys file for the user concerned. And if they've
managed that, then there must have been a security breach already.
-- 
Colin Paul Adams
Preston Lancashire
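
Added example, not part of the original message: a small Python check that an sshd_config text really enforces the setup described above (password and challenge-response off, public key on, an AllowUsers list present). The function name audit, the sample users alice and bob, and the KbdInteractiveAuthentication alias used by newer OpenSSH releases are assumptions of this example, not taken from the post.

```python
# Added example (not from the original post): audit sshd_config text for the
# policy described above. sshd keeps the FIRST value it reads for a keyword.
REQUIRED = {"passwordauthentication": "no",
            "challengeresponseauthentication": "no",
            "pubkeyauthentication": "yes"}
DEFAULT = "yes"  # assumed OpenSSH default for all three when a keyword is absent
# Newer OpenSSH spells the challenge-response switch KbdInteractiveAuthentication.
ALIASES = {"kbdinteractiveauthentication": "challengeresponseauthentication"}

def audit(config_text):
    """Return a list of findings; an empty list means the policy is met."""
    seen, allow_users, findings, in_match = {}, [], [], False
    for raw in config_text.splitlines():
        parts = raw.strip().replace("=", " ", 1).split()
        if not parts or parts[0].startswith("#"):
            continue
        key, args = parts[0].lower(), parts[1:]
        key = ALIASES.get(key, key)
        if key == "match":
            in_match = True          # everything below is conditional
        elif in_match:
            if key in REQUIRED and args and args[0].lower() != REQUIRED[key]:
                findings.append(f"Match block sets {key} {args[0]}")
        elif key == "allowusers":
            allow_users.extend(args)  # repeated AllowUsers lines accumulate
        elif key in REQUIRED and args:
            seen.setdefault(key, args[0].lower())  # first value wins
    for key, want in REQUIRED.items():
        got = seen.get(key, DEFAULT)
        if got != want:
            findings.append(f"{key} is effectively '{got}', expected '{want}'")
    if not allow_users:
        findings.append("no AllowUsers line: logins are not restricted to named users")
    return findings

# Constructed sample inputs.
WEAK = """\
PasswordAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
"""
HARDENED = """\
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
AllowUsers alice bob
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text) or "OK")
```

The WEAK sample fails even though it contains "PasswordAuthentication no", because the earlier "yes" line is the one sshd uses.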




