Re: Leaving a door open?

[Diego Kellner <dkepler () gmail com>]

Emmanuel,
I've used this in the past and I consider it secure (much more than
leaving FTP open), as long as you keep up to date with your SSH
server, use SSH2 and have a strong password (I'd recommend
certificates if you access your computer from the same clients). SSH
gives you the ability tu tunnel other not-so-secure applications like
VNC, so you can actually have full control of your computer from the
outside.
Changing the port could help prevent automated attacks on SSH (you'll
probably get a few login attempts a week), but wouldn't stop a
determined attacker from finding out where your SSH is running (as
simple as running NMAP -v).
Regards,
Diego

On 5/27/05, Emmanuel Goldstein <goldstein101 () gmail com> wrote:
> Hi!
>
> My ISP gives me a static Ip and I was thinking about leaving the SSH
> port open so I can access my computer from anywhere since i always
> have it switched on.
>
> I have a linux box that is integrated in my home Lan, and a router
> with firewall capabilities.
>
> Is this secure??? Note that my admin password is really hard to guess,
> so im not concerned about bruteforce attacks.
>
> Should I map ports so instead of opening 22 I access through (eg) 'ssh
> -p 7623'. That way is not that obvious i have an open ssh port is, it?
>
> Any other security issues i should be concerned about?
> Is this a good idea?
> Is it better to just set up an ftp server?
>
>
> Thanks for your help. Cheers. Bye.