[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Remote Access: Service vs. Security


Hi there,

as most of you will agree, it makes sense to have particular services of 
your skolelinux system available remotely:

- ssh for administration
- ssh for sftp
- ssh for NX

Even though, we don't use a fix IP, today we had a visitor via ssh who 
cracked a users password by bruteforce (this pupil happened to be in 
some weird IRC channel).

This makes me think.

As long we can't make sure all pupils' / teachers' passwords are safe, 
we rather should not allow ssh to them (as they don't use it for now, 
anyway). But in order to give teachers the opportunity to work from 
home, we will need some way to assure secure access. What solutions did 
you choose? Something like portscanblocking and hidden (unusual) port 
could be an option.

I have to add, that port 22 is forwarded by our firewall to ltsp "only", 
hence, tjener itself is relatively secure. Our "guest" critisized 
that /boot was readable to him (he was goodwilled).

Thanks for sharing your experience,

Reply to: