Re: OT: Safe to access SSH server from work?
On 06/05/11 02:54, Rob Owens wrote:
On Thu, May 05, 2011 at 03:46:27PM -0700, CACook@quantum-sci.com wrote:
On Thursday 5 May, 2011 15:09:02 Brian wrote:
Use a strong password or ssh keys for access to the server. The question
is whether you trust the machine you use at work.
OK, say you -don't- trust your machine at work. Workarounds?
You could run Debian Live on a USB stick (or any other live distro,
really). Boot your work machine with that, and you will have a trusted
machine. Use that to ssh to your home machine.
And follow the advice that others have already given you. Specifically,
disallow password authentication. That is a biggie. Even if you have a
strong password, others on your home machine may not. As already said,
you can use AllowUsers in sshd_config to allow only specific users to
have ssh access.
I hesitate to mention this, because it will start an argument about
security through obscurity, but you can run your ssh server on a port
other than 22. It really does nothing for security, but it will keep
your firewall logs a lot cleaner because it avoids pesky scripts that
circulate the internet, trying to brute force ssh servers.
A good point about this is that it allows to set up easily the port table
of your home router as a route table: the flow can be directed to computers
according to the port of the flow. In particular, you can direct the port 22
to a dummy computer, and you obscure port to your important computer.