On Tue, 2006-02-07 at 21:08 -0500, ryan wrote:
On Tuesday 07 February 2006 11:41 am, James Gagnon wrote:
But then again... one has to wonder how secure remote desktop for Windows really is... guess it's a win/lose situation =)
Not as secure as SSH... but I definitely think you are on to something.
An interesting solution is to have a really locked down but low-end machine (p2/64 MB RAM) on your LAN that serves one purpose - to be an SSH server.
Strip the software on this box to SSH and not much else. Set up some firewall rules that deny access to nearly everything but the SSH ports. Run sshd on an oddball port. Deny root logins.
Restrict all SSH traffic on your server to the SSH server machine on your LAN. Authenticate via host keys, not password.
If you are REALLY paranoid, turn off the SSH server when you are on your LAN. To break in, an attacker will need to:
- Guess the SSH port.
- Guess when you are not on the LAN (when you are home, you've probably powered down the SSH box).
- Guess or bruteforce the SSH password.
If you turn off passwords and only connect via keys ... they would have to get your private key.
- Once inside, execute some hack to get root privileges.
- Guess what the machine is actually used for (SSH gateway to real server).
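
A check for the sshd settings named in the message above (non-default port, root login denied, keys instead of passwords), as an added example that is not part of the original thread. The fallback defaults are assumed from current OpenSSH, and both sample configs are constructed.

```python
# Added example: audit the global section of an sshd_config for the three
# settings the thread recommends. Not from the original messages.
# Assumption: fallback values follow current OpenSSH defaults.
DEFAULTS = {"permitrootlogin": "prohibit-password", "passwordauthentication": "yes"}
DEFAULT_PORT = "22"

def effective_settings(text):
    """Resolve global settings the way sshd does: the first value seen for a
    keyword wins, except Port, which may repeat (sshd listens on all of them)."""
    first, ports = {}, []
    for raw in text.splitlines():
        parts = raw.strip().replace("=", " ", 1).split()
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment
        key = parts[0].lower()  # keywords are case-insensitive
        val = parts[1].strip('"').lower() if len(parts) > 1 else ""
        if key == "match":
            break  # conditional blocks follow; they need a separate review
        if key == "port":
            ports.append(val)
        else:
            first.setdefault(key, val)
    settings = {**DEFAULTS, **first}
    settings["port"] = ports or [DEFAULT_PORT]
    return settings

def audit(text):
    """Return a list of findings; an empty list means all three checks pass."""
    s = effective_settings(text)
    findings = []
    if DEFAULT_PORT in s["port"]:
        findings.append("sshd listens on the default port 22")
    if s["permitrootlogin"] != "no":
        findings.append("root login not denied: " + s["permitrootlogin"])
    if s["passwordauthentication"] != "no":
        findings.append("password authentication is enabled")
    return findings

# Constructed samples. MISLEADING ends with "PasswordAuthentication no", but
# the earlier "yes" is the value sshd uses, and port 22 is still open.
HARDENED = "Port 2222\nPermitRootLogin no\nPasswordAuthentication no\n"
MISLEADING = ("Port 2222\nPort 22\npermitrootlogin prohibit-password\n"
              "PasswordAuthentication yes\nPasswordAuthentication no\n")

if __name__ == "__main__":
    for name, cfg in (("HARDENED", HARDENED), ("MISLEADING", MISLEADING)):
        print(name, audit(cfg) or "OK")
```
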