[TriLUG] ssh question

Mike Viscount via TriLUG trilug at trilug.org
Tue Oct 25 10:13:37 EDT 2016 

>> 3. If we've not had anyone hack into our network since I've been here (8
years) I don't think they're going to.

This is why they are going to ... and likely will be able to given the
existence of default passwords

Assume the worst and hope for the best!

I'd personally
  - change the default password immediately - should always be the first
thing done with any box
  - use ssh keys at a minimum - it's really quite trivial to setup.
  - firewall (either on the Pi or external) would also be recommended

First time poster ... not meaning to ruffle any feathers but would hate to
see your name in the newspaper and on the national news for bad stuff :-)

Mike


On Mon, Oct 24, 2016 at 12:53 PM, John Vaughters via TriLUG <
trilug at trilug.org> wrote:

> +1 of Igor's comment
> The one exception is if you had a private network not connected to any
> outside network, but how often is this really the case. The person who
> mentioned the DDOS attacks is also correct. The Embedded Linux craze is
> making a ripe environment of users not understanding the power in their
> hands. An RPi and all the other embedded variations are full blown
> computers capable of just about anything, only limited by computing power,
> but DDOS attacks do not require power, only scale. The ssh key pairs are
> simple, and even no password is better than having a default user. However,
> I recommend keys with passwords and use a key agent like pageant for
> windows or ssh-agent for linux.
> Also, you will find the ssh keypair used with an agent a MAJOR time saver.
> >My advice to you and everyone is to take security seriously because it's
> so
> easy to do: disable password-based ssh logins and use ssh keypairs
> everywhere. It is more convenient than passwords, actually protects you
> (passwords, especially default ones don't), and is the right thing to do.
> --
> This message was sent to: MikeV <mviscount at gmail.com>
> To unsubscribe, send a blank message to trilug-leave at trilug.org from that
> address.
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> Unsubscribe or edit options on the web  : http://www.trilug.org/mailman/
> options/trilug/mviscount%40gmail.com
> Welcome to TriLUG: http://trilug.org/welcome
>

More information about the TriLUG mailing list