[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: OT: Safe to access SSH server from work?

On 06/05/11 02:54, Rob Owens wrote:
On Thu, May 05, 2011 at 03:46:27PM -0700, CACook@quantum-sci.com wrote:
On Thursday 5 May, 2011 15:09:02 Brian wrote:
Use a strong password or ssh keys for access to the server. The question
is whether you trust the machine you use at work.

OK, say you -don't- trust your machine at work.  Workarounds?

You could run Debian Live on a USB stick (or any other live distro,
really).  Boot your work machine with that, and you will have a trusted
machine.  Use that to ssh to your home machine.

And follow the advice that others have already given you.  Specifically,
disallow password authentication.  That is a biggie.  Even if you have a
strong password, others on your home machine may not.  As already said,
you can use AllowUsers in sshd_config to allow only specific users to
have ssh access.

I hesitate to mention this, because it will start an argument about
security through obscurity, but you can run your ssh server on a port
other than 22.  It really does nothing for security, but it will keep
your firewall logs a lot cleaner because it avoids pesky scripts that
circulate the internet, trying to brute force ssh servers.

A good point about this is that it allows to set up easily the port table
of your home router as a route table: the flow can be directed to computers
according to the port of the flow. In particular, you can direct the port 22
to a dummy computer, and you obscure port to your important computer.



Reply to: