[raspberry-vi] Re: security and leaving ssh enabled?

• From: Chris Brannon <chris@xxxxxxxxxxxxxxxx>
• To: raspberry-vi@xxxxxxxxxxxxx
• Date: Sun, 11 Dec 2016 19:01:25 -0800

Mike Ray <mike@xxxxxxxxxxxxxxx> writes:

And if you do want to expose an SSH port to the outside world so you can
log in from outside your LAN, I recommend you configure a port other
than 22, which everybody knows is the default port for SSH.  You should
also use a strong password.

I always disable password authentication in ssh, so that it requires a
public key.  Unfortunately, OpenSSh requires two settings be changed in
/etc/ssh/sshd_config to do this.  Both PasswordAuthentication and
ChallengeResponseAuthentication need to be set to "no" (no quotes of
course).
Then, I test it, by trying to ssh to my user account on the Pi from
another user account that does not have my private key.  You should get
"permission denied", rather than a password prompt.
Running it on a high port doesn't really increase your security in the
face of a determined attacker, but it will thwart the typical script
kiddy scanning port 22.

I've been looking at an alternative ssh implementation recently called
TinySSH.  It's at https://tinyssh.org.  The big advantage that I see of
TinySSH is that it has almost no configuration whatsoever, and it never allows
password authentication.  So it is almost impossible to run insecurely.
Unfortunately it's still alpha software, so I'm not going to step out on
a limb and recommend it to folks on this list.  The concept looks good though.

-- Chris
=========================================================== 
The raspberry-vi mailing list 
Archives: //www.freelists.org/archives/raspberry-vi
Administrative contact: <mike.ray@xxxxxxxxxxxxxx>
-----------------------------------------------------------
Raspberry Pi and the Raspberry Pi logo are trademarks of the Raspberry Pi 
Foundation.

This list is not affiliated to the Raspberry Pi Foundation and the views and 
attitudes expressed by the subscribers to this list do not reflect those of the 
Foundation.

Mike Ray, list creator, January 2013

• References:
  • [raspberry-vi] security and leaving ssh enabled?
    • From: Tom Fowle
  • [raspberry-vi] Re: security and leaving ssh enabled?
    • From: Mike Ray

Other related posts:

• » [raspberry-vi] security and leaving ssh enabled?- Tom Fowle
• » [raspberry-vi] Re: security and leaving ssh enabled?- Ben Mustill-Rose
• » [raspberry-vi] Re: security and leaving ssh enabled?- Kelly Prescott
• » [raspberry-vi] Re: security and leaving ssh enabled?- Mike Ray
• » [raspberry-vi] Re: security and leaving ssh enabled?- Mike Ray
• » [raspberry-vi] Re: security and leaving ssh enabled?- Kelly Prescott
• » [raspberry-vi] Re: security and leaving ssh enabled?- Tom Fowle
• » [raspberry-vi] Re: security and leaving ssh enabled?- Tom Fowle
• » [raspberry-vi] Re: security and leaving ssh enabled?- Tom Fowle
• » [raspberry-vi] Re: security and leaving ssh enabled? - Chris Brannon
• » [raspberry-vi] Re: security and leaving ssh enabled?- Tim Chase
• » [raspberry-vi] Re: security and leaving ssh enabled?- Tom Fowle
• » [raspberry-vi] Re: security and leaving ssh enabled?- Mike Ray
• » [raspberry-vi] Re: security and leaving ssh enabled?- Ben Mustill-Rose
• » [raspberry-vi] Re: security and leaving ssh enabled?- Tim Chase

1. Home
2. raspberry-vi
3. Archive
4. 12-2016

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---