Is it safe to open ssh port to world with only key based authentication?
John Wendel
john.wendel at metnet.navy.mil
Wed Nov 23 17:00:58 UTC 2005
Mike Klinke wrote:
> On Wednesday 23 November 2005 02:00, Vijay Gill wrote:
>
>
>>Recently I started using key based authentication and disabled
>>passwords in /etc/ssh/sshd_conf. My question is, is it safe to
>>open the port 22 in my iptables firewall script?
>
>
> There's no black and white answer to that. On a scale of 1 to 10
> you might want to assign numbers as follows:
>
> 1 = unsafe
> 3 = password authentication enabled
> 6 = key based authentication only
> 7 = allowing only certain IP addresses to access
> 10 = no access allowed to anyone
>
> Some people are perfectly comfortable using strong passwords and
> will consider anything over a '2' to be "safe". Others would only
> consider "safe" to be something at '7' or better and I'm certain
> you'll hear that '10' is the only sure defense.
>
> Regards, Mike Klinke
>
I use a different port number (like 12322) and change it frequently.
Makes it a little harder for the port scanners to find you.
Regards,
John
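
An added example, not written by any poster in this thread: a check that an sshd configuration really is key-only, since turning off PasswordAuthentication alone can leave keyboard-interactive (usually a PAM password prompt) enabled. The function names and the sample file are constructed for illustration; the defaults are assumed to be upstream OpenSSH's, and Include files and Match blocks are not evaluated.

```python
# Added example: audit sshd_config text for settings that still allow passwords.
# Assumed upstream OpenSSH defaults, used when a keyword is absent from the file.
DEFAULTS = {
    "port": "22",
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
}
# Older spelling of the same option.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

# Constructed sample: a commented-out line and a later duplicate are the traps.
SAMPLE = """\
Port 12322
PasswordAuthentication no
#ChallengeResponseAuthentication no
PubkeyAuthentication yes
PasswordAuthentication yes
Match Address 192.0.2.0/24
    PasswordAuthentication yes
"""


def effective_settings(config_text):
    """Global settings only; sshd keeps the first value given for a keyword."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        if len(parts) < 2:
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":  # simplification: conditional blocks are skipped
            break
        seen.setdefault(key, parts[1])
    return {**DEFAULTS, **seen}


def password_paths(settings):
    """Names of enabled methods that can still prompt for a password."""
    checks = [("passwordauthentication", "PasswordAuthentication"),
              ("kbdinteractiveauthentication", "KbdInteractiveAuthentication")]
    return [name for key, name in checks if settings[key] != "no"]


def is_key_only(settings):
    return settings["pubkeyauthentication"] == "yes" and not password_paths(settings)
```

On the running host, `sshd -T` prints the settings the daemon actually resolved, including Include files, and is the authoritative check.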