On Thu, May 05, 2011 at 03:46:27PM -0700, CACook@quantum-sci.com wrote:
On Thursday 5 May, 2011 15:09:02 Brian wrote:
Use a strong password or ssh keys for access to the server. The question
is whether you trust the machine you use at work.
OK, say you -don't- trust your machine at work. Workarounds?
You could run Debian Live on a USB stick (or any other live distro,
really). Boot your work machine with that, and you will have a trusted
machine. Use that to ssh to your home machine.
And follow the advice that others have already given you. Specifically,
disallow password authentication. That is a biggie. Even if you have a
strong password, others on your home machine may not. As already said,
you can use AllowUsers in sshd_config to allow only specific users to
have ssh access.
I hesitate to mention this, because it will start an argument about
security through obscurity, but you can run your ssh server on a port
other than 22. It really does nothing for security, but it will keep
your firewall logs a lot cleaner because it avoids pesky scripts that
circulate the internet, trying to brute force ssh servers.