On Tue, 2006-02-07 at 21:08 -0500, ryan wrote:
> On Tuesday 07 February 2006 11:41 am, James Gagnon wrote:
> > But then again... one has to wonder how secure remote desktop for
> > windows really is... guess it's a win/lose situation =)
>
> Not as secure as SSH....but I definitely think you are on to something.
>
> An interesting solution is to have a really locked down but low-end machine
> (p2/64 MB RAM) on your LAN that serves one purpose - to be an SSH server.
>
> Strip the software on this box to SSH and not much else. Set up some firewall
> rules that deny access to nearly everything but the SSH ports. Run sshd on an
> oddball port. Deny root logins.
>
> Restrict all SSH traffic on your server to the SSH server machine on your LAN.
> Authenticate via host keys, not password.
>
> If you are REALLY paranoid, turn off the SSH server when you are on your LAN.
> To break in, an attacker will need to:
> 1. Guess the SSH port.
> 2. Guess when you are not on the LAN (when you are home, you've probably
> powered down the SSH box).
> 3. Guess or bruteforce the SSH password.

If you turn off passwords and only connect via keys ... they would have to get your private key.

> 4. Once inside, execute some hack to get root privileges.
> 5. Guess what the machine is actually used for (SSH gateway to real server).
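The sshd-side measures listed in the thread (oddball port, no root logins, keys instead of passwords) can be checked mechanically against a gateway's `sshd_config`. The following is an added example, not part of the original messages: the function names, finding strings and sample configs are constructed, the keyboard-interactive check is an extra beyond what the thread lists, and only the global section of a single file is read (no `Include` handling).

```python
import re

# Current OpenSSH defaults that apply when a keyword is absent from the file.
DEFAULTS = {"permitrootlogin": "prohibit-password",
            "passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes",
            "pubkeyauthentication": "yes"}
# Deprecated spelling still found in older configs.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def effective(text):
    """Global settings sshd would use: keywords are case-insensitive and the
    first value seen wins, except Port, which may repeat."""
    conf, ports, has_match = {}, [], False
    for raw in text.splitlines():
        m = re.match(r"\s*([A-Za-z]\w*)(?:\s*=\s*|\s+)(\S.*)", raw)
        if not m:
            continue  # blank line, comment, or keyword without a value
        key = ALIASES.get(m.group(1).lower(), m.group(1).lower())
        if key == "match":
            has_match = True
            break  # later lines apply conditionally, not globally
        if key == "port":
            ports.append(m.group(2).strip())
        else:
            conf.setdefault(key, m.group(2).strip())
    return {**DEFAULTS, **conf, "port": ports or ["22"], "match": has_match}

def audit(text):
    """Return the thread's hardening measures that this config misses."""
    c, findings = effective(text), []
    if "22" in c["port"]:
        findings.append("listens on default port 22")
    if c["permitrootlogin"] != "no":
        findings.append("root login not denied")
    if c["passwordauthentication"] != "no":
        findings.append("password authentication enabled")
    if c["kbdinteractiveauthentication"] != "no":  # extra check, not in thread
        findings.append("keyboard-interactive can still ask for a password")
    if c["pubkeyauthentication"] != "yes":
        findings.append("public-key authentication disabled")
    if c["match"]:
        findings.append("Match block present: review its overrides by hand")
    return findings

# Constructed sample configs (not taken from the thread).
WEAK = "Port 22\nPermitRootLogin yes\npermitrootlogin no\n"
HARDENED = ("# gateway box\nPort 2222\nPermitRootLogin no\n"
            "PasswordAuthentication no\nChallengeResponseAuthentication no\n"
            "PubkeyAuthentication yes\n")
```

In `WEAK` the second `permitrootlogin no` has no effect because sshd keeps the first value it reads, which is why the audit still reports root login as allowed.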