On Wed, June 28, 2006 11:22 pm, Tim Churches said:
> It depends on the circumstances. However, if the private key is on a
> laptop and is used to log in via ssh to an Internet-accessible host
> computer, then leaving the private key unencrypted is just asking for
> trouble - if you lose your laptop or if it is nicked then anyone (with a
> modicum of knowledge) can boot it up, log in as root[1] and access your
> Internet-accessible host(s) without having to know or guess *any*
> passwords to *anything*. None. Not even one.

1. Don't use the same username as your own for ssh access. Use an obscure one.
2. Never allow external (or even console, that's what sudo is for) root access to a server. SSHD should by default deny root login.
3. Use the firewall, Luke. Only allow ssh access from known IPs, or ranges of IPs if dynamic.

Peter.
_______________________________________________
Gpcg_talk mailing list
[email protected]
http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk
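
A defender-side check for the two concerns raised in this thread, added here as an example that is not part of the original messages: it reports whether a private key file is passphrase-protected and what the global PermitRootLogin value in an sshd_config is. It goes beyond the thread by also covering the later OpenSSH key format; the function names and all sample inputs are constructed for illustration.

```python
import base64
import struct
MAGIC = b"openssh-key-v1\x00"  # start of the decoded OpenSSH-format key blob

def key_is_encrypted(pem: str) -> bool:
    """True if the private key text shows passphrase protection."""
    lines = [l.strip() for l in pem.strip().splitlines()]
    if not lines:
        raise ValueError("empty key file")
    if "ENCRYPTED PRIVATE KEY" in lines[0]:       # PKCS#8 encrypted container
        return True
    if "OPENSSH PRIVATE KEY" in lines[0]:
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(MAGIC):
            raise ValueError("not an openssh-key-v1 blob")
        off = len(MAGIC)
        (n,) = struct.unpack(">I", blob[off:off + 4])
        return blob[off + 4:off + 4 + n] != b"none"   # cipher name field
    # Legacy PEM (RSA/DSA/EC): encryption is announced in a header line.
    return any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines)

def root_login_setting(sshd_config: str):
    """First global PermitRootLogin value; sshd keeps the first value it reads."""
    for raw in sshd_config.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        if parts[0].lower() == "match":            # conditional blocks follow
            break
        if parts[0].lower() == "permitrootlogin" and len(parts) > 1:
            return parts[1].lower()
    return None   # unset: the compiled-in default of that sshd build applies

# Constructed samples: header fields and placeholder bodies, no real key material.
def fake_openssh_key(cipher: bytes) -> str:
    blob = MAGIC + struct.pack(">I", len(cipher)) + cipher + b"\x00" * 8
    body = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{body}\n-----END OPENSSH PRIVATE KEY-----\n"

PLAIN_PEM = "-----BEGIN RSA PRIVATE KEY-----\nQUJD\n-----END RSA PRIVATE KEY-----\n"
ENC_PEM = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
           "DEK-Info: AES-128-CBC,00\n\nQUJD\n-----END RSA PRIVATE KEY-----\n")
SSHD = "# constructed\nPort 22\nPermitRootLogin no\nPermitRootLogin yes\nMatch User x\n"

if __name__ == "__main__":
    for pem in (PLAIN_PEM, ENC_PEM, fake_openssh_key(b"none")):
        print(pem.splitlines()[0], "-> encrypted:", key_is_encrypted(pem))
    print("PermitRootLogin:", root_login_setting(SSHD))
```

A return of None from root_login_setting means the file never sets the option globally, so the answer depends on the default of the installed sshd and should be pinned explicitly.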
