At 11:22a -0400 on 26 Apr 2007, Hal wrote:
On Apr 26, 2007, at 8:34 AM, Kevin Hunter wrote:
In general, utilizing public/private keys for remote authentication is /much/ more secure than passwords.

There is some debate about which is more secure
public/private keys or username/password.

Yep, thank you for that reminder. :-) I suppose we now know what I'm arguing!

        With public/private keys anyone who has
        access to your machine has access to any machine
        your machine has a key on.

Without a passphrase, I'd agree. The key word that I made sure to put in was 'remote'. With passphrases, it becomes a two-step authentication, one locally to unlock the private key, and one remotely to at least confirm that you have the other half of the key.

The other thing that I personally like about public/private key combinations is that for the more lazy of us, we don't always check the fingerprint matches. If I decide to log on to a remote machine to which I've not logged directly on before (e.g. a company NFS- shared home directory), then I can be assured that I'm not falling victim to a man-in-the-middle attack; I can blindly accept the fingerprint, and if it hangs, I can guess that I'm in the middle of an attack attempt, and try another avenue to get where I'm going.

        With username/password protection is only as
        strong as your password.  But your password is
        needed.

Yep.  I agree.

So...   Use a firewall which limits access to only machines
        you are willing to let in.

Yep. I agree. See Bill's page about limiting number of connections per time frame as well.

        Use hosts.allow to further restrict access to ssh.

Yep.  I agree.

        Change the ssh port to something not generally known.

This I place into the category of security-through-obscurity, which I don't find a particularly comforting method. So it adds a single extra layer, but if a cracker is worth her/his salt, it's easily discovered and, in my opinion, not worth the extra effort it takes me to type -p <PORT> everytime. (Yes, I could use an alias or some such, but that's still extra thought-power that I'd rather place elsewhere.)

        In sshd_config use the AllowUsers parameter to allow
        specific users to have access to ssh.

Yep.  I agree.

I think that in the end, those who are security conscious, such as presumably you and me, the specifics of how we do it become largely a moot point or highly dependent on what it is that we're securing. My personal preference is to follow the 80/20 rule. I don't have 100% of my time to devote to doing the exact right thing. But I do have 20% of my time to devote to doing 80% of the exact right thing. If/ when that becomes a problem, I'll reevaluate my approach.

On that note, you may know better than I do: is there a web page or blog somewhere that coalesces all the different things that should be done/are currently best-practice to secure a system? Especially to a *BSD noob?

Thanks,

Kevin
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to