On Mon, 27 Jan 2014 23:51:01 -0800 Jon Danniken <danni...@q.com> wrote:
> On 01/27/2014 09:41 PM, Scott Ferguson wrote:
> >
> > Keep updated, subscribe to the security list, read and follow the
> > fine manual:-
> > https://www.debian.org/doc/manuals/securing-debian-howto/
>
> Thanks Scott, that's just what I was looking for.
>

And so was Raffaele's reply.

If you will be using ssh from outside, set up keys and disable the use
of passwords. Use a good password or phrase on the private key, and
keep it on a USB stick away from the laptop. Laptops are easy to lose.
If you need to use Windows, then make the keys in PuTTY, because as far
as I know, PuTTY still can't use OpenSSH private keys but can make
public ones.

My recommendation would be to run sshd on a high port number. Before
the usual chorus jumps in, I know *that* *does* *not* *improve*
*security*, but it certainly gives you cleaner log files. Though over a
number of years, I've had vastly more attempts to connect to port 22
than full-spectrum port scans (in fact I've never had one of the
latter) and I am forced to conclude that in my personal case, it *does*
improve security. But put your trust in good keys, the bots are all
looking to do password attacks.

-- 
Joe
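
Added example, not part of the message above: a small shell audit that checks whether an sshd_config actually disables password logins and which ports it listens on. The function names and both sample configs are constructed for illustration, and the keyboard-interactive check goes beyond what the message mentions.

```shell
# first_value FILE KEYWORDS DEFAULT: effective global value of a keyword
# (or "|"-separated aliases). sshd keeps the FIRST value it reads for a
# keyword and matches keywords case-insensitively.
first_value() {
    awk -v keys="$2" -v def="$3" '
        BEGIN { pat = "^(" tolower(keys) ")$" }
        /^[ \t]*#/ { next }                     # comment line
        tolower($1) == "match" { exit }         # global section ends here
        tolower($1) ~ pat { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Succeeds only if neither password nor keyboard-interactive (PAM password
# prompts) authentication is enabled; both default to yes in OpenSSH.
password_logins_off() {
    pw=$(first_value "$1" "passwordauthentication" yes)
    kbd=$(first_value "$1" \
        "challengeresponseauthentication|kbdinteractiveauthentication" yes)
    [ "$pw" = no ] && [ "$kbd" = no ]
}

# Every Port line applies (sshd listens on all of them); default is 22.
listen_ports() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "port" { printf "%s%s", sep, $2; sep = " "; n++ }
        END { if (!n) printf "22"; print "" }
    ' "$1"
}

# Constructed samples. "weak" looks fixed at a glance, but its first
# PasswordAuthentication line wins, so passwords are still accepted.
weak=$(mktemp); good=$(mktemp)
trap 'rm -f "$weak" "$good"' EXIT
printf '%s\n' 'Port 22' 'PasswordAuthentication yes' \
    '# ... many lines later ...' 'passwordauthentication no' > "$weak"
printf '%s\n' 'Port 2222' 'PubkeyAuthentication yes' \
    'PasswordAuthentication no' 'ChallengeResponseAuthentication no' > "$good"

for f in "$weak" "$good"; do
    if password_logins_off "$f"; then s="keys only"; else s="passwords accepted"; fi
    echo "ports: $(listen_ports "$f")  auth: $s"
done
```

On a live host, `sshd -T` prints the effective configuration as the daemon itself parsed it, which is the authoritative check.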