> There are consequences no matter what course of action you take. I would say
> generally SSH is a secure service (assuming you update your server regularly)
> but be aware:
> a) SSH scans/probes are very common right now. Accounts with very bad
> passwords may get compromised by these worms. Moving to a non-standard port
> would circumvent this.

Not really. You just disguised the port but any smart attacker will
notice the service running on another port and switch to targeting
that.

> b) If you allow ssh-keys (default), then you may have users who create
> unprotected keys. Those keys will get compromised; people who don't set
> passwords on keys tend to have other bad security practices too. Once a
> user's key is compromised, then their account on your systems is next.

Allowing ssh keys doesn't mean they're used. If you don't use them
then this situation is moot. If you do use them they are more likely
to be secure than the user's password.

> In any case, this is only granting user-level access. This is enough for the
> attacker to run spam-bots and such or try escalation attacks, but it's not
> super-user access. Those are the weaknesses I am aware of so if anyone knows
> of other risks running SSH, please pipe up.

This is true for any account access the user has.
--
-dhan
------------------------------------------------------------------------
Dan Shoop AIM: iWiring
Systems & Networks Architect http://www.ustsvs.com/
email@hidden http://www.iwiring.net/
1-714-363-1174
"The wise man doesn't give the right answers, he poses the right
questions." -- Claude Levi-Strauss
iWiring provides systems and networks support for Mac OS X, unix, and
Open Source application technologies at affordable rates.
Macos-x-server mailing list (email@hidden)
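For point (b) in the thread above, an administrator can check whether the private keys on a system carry a passphrase by reading only the key file headers. This is an added example, not part of either poster's message; the function names `key_protection`, `scan_dir` and `sample_openssh` are hypothetical, and the sample keys are constructed placeholders.

```python
import base64
import struct
from pathlib import Path

MAGIC = b"openssh-key-v1\x00"  # header of the current OpenSSH private key format

def key_protection(text: str) -> str:
    """Classify a key file as 'encrypted', 'unencrypted', 'unreadable'
    or 'not-a-private-key', looking at its header only."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not lines or not (lines[0].startswith("-----BEGIN ") and "PRIVATE KEY" in lines[0]):
        return "not-a-private-key"
    if "ENCRYPTED PRIVATE KEY" in lines[0]:  # PKCS#8, passphrase-protected
        return "encrypted"
    if "OPENSSH PRIVATE KEY" in lines[0]:
        try:
            raw = base64.b64decode("".join(ln for ln in lines[1:] if not ln.startswith("-----")))
        except ValueError:
            return "unreadable"
        if not raw.startswith(MAGIC) or len(raw) < len(MAGIC) + 4:
            return "unreadable"
        (n,) = struct.unpack(">I", raw[len(MAGIC):len(MAGIC) + 4])
        cipher = raw[len(MAGIC) + 4:len(MAGIC) + 4 + n]  # "none" means no passphrase
        return "unencrypted" if cipher == b"none" else "encrypted"
    # Legacy PEM (RSA/DSA/EC): encryption is announced by a Proc-Type header.
    if any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines[1:4]):
        return "encrypted"
    return "unencrypted"

def scan_dir(directory: str) -> dict:
    """Map each private key file in a directory (e.g. a user's ~/.ssh) to its status."""
    found = {}
    for path in sorted(Path(directory).iterdir()):
        if path.is_file():
            status = key_protection(path.read_text(errors="replace"))
            if status != "not-a-private-key":
                found[path.name] = status
    return found

# Constructed samples: headers only, placeholder bodies, no real key material.
def sample_openssh(cipher: bytes) -> str:
    body = MAGIC + struct.pack(">I", len(cipher)) + cipher + b"\x00" * 16
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + base64.b64encode(body).decode()
            + "\n-----END OPENSSH PRIVATE KEY-----\n")

SAMPLE_LEGACY_PLAIN = "-----BEGIN RSA PRIVATE KEY-----\nQUJD\n-----END RSA PRIVATE KEY-----\n"
SAMPLE_LEGACY_ENC = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                     "DEK-Info: AES-128-CBC,00\n\nQUJD\n-----END RSA PRIVATE KEY-----\n")
```

A key reported as `unencrypted` is usable by anyone who can read the file, so pair the scan with a check of file ownership and mode.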