I mean keys when I say certificate. I believe they're used interchangeably, but that might be incorrect. Thanks for your clarification.
However, I think it's an important point that the key should be protected by a passphrase. If someone breaks into the PC where the private key is stored and they can use that without a passphrase to log into DHIS, it creates a network of possible failures that is hackable. I doubt everyone has the same security policy on their local machine as they should have on the state DHIS server, so a key without a passphrase would be dangerous (please let me know if you disagree). I guess alternatively it's possible to still have a password on a server and require both a password and a ssh key? This might be even safer. Lars 2012/3/9 Bob Jolliffe <[email protected]> > On 9 March 2012 11:52, Jason Pickering <[email protected]> > wrote: > >> > >> I'd use HTTPS/SSL for web access and definitely use SSH (preferably > using > >> both certificates and passwords) for server access (for people > administering > >> the linux installations). > >> > > > > SSH is a must. I would also move it to a non-standard port, and > > disable remote access with passwords, and disable the root user from > > being able to login over SSH. You will still get a lot of bot attacks, > > but using certificates (with a password) will greatly increase the > > security of the server. > > what certificates? I just use my public and private key combination > ie. copy my public key into ~/ssh/authorized_keys on the server. > > Disabling remote access with passwords is really important, but > sometimes it takes a bit of time getting people used to using keys. > Worth the effort though. Don't lose the keys. > > > > > _______________________________________________ > > Mailing list: https://launchpad.net/~dhis2-users > > Post to : [email protected] > > Unsubscribe : https://launchpad.net/~dhis2-users > > More help : https://help.launchpad.net/ListHelp > -- Lars Kristian Roland Research Fellow, Department of Informatics, University of Oslo Email: [email protected] - [email protected] Phone: +47 90733036
_______________________________________________ Mailing list: https://launchpad.net/~dhis2-users Post to : [email protected] Unsubscribe : https://launchpad.net/~dhis2-users More help : https://help.launchpad.net/ListHelp
