
Re: How can I secure a Debian installation?



On Tue 28 Jan 2014 at 11:40:04 -0800, Jon Danniken wrote:

> Thanks Brian, I ended up removing openssh-server, as it was not
> something I needed; it was automatically installed and set up to run as
> a "feature" of the live CD I used to install Debian with (installed as
> part of the "live-tools" package). Fortunately I came across the posting
> that alerted me to this, and have removed it from both of my machines.

Removing software which runs as a daemon is good practice. Why have a
process listening for external connections when it is unnecessary?

> If I end up using openssh in the future I will definitely use a private
> key, though.

Another battle lost. :)

But ssh keys are great for some situations. The problem is their
advocates never describe what the situations are and it is too often a
case of being instructed to "use a ssh key". The downsides to a ssh
key are left unsaid and the impression is given that a password login is
naff and insecure. The pros and cons of an ssh key login are rarely
discussed by these advocates.

I'll just end by reminding you that your ssh key might be stored on a
USB stick. Forget the stick and you don't get to access your account.
Passwords are in your memory and, fallible though it might be, it is
usually accessible. In the last resort the password could come to you
in a dream. :)

