FTP server fails to list a directory's content even on LAN

  • but that doesn't prevent people sitting on the other side from trying usernames and passwords all day, and they usually have it automated.


    Do you mean password cracking? This risk is pretty obvious and somehow unavoidable. So I believe you are suggesting that I set a very "strong" password for every user, right?
    Also, SSL/TLS is supposed to encrypt the password during the authentication process, isn't it?


    For me, I don't leave open logins on the WAN side.


    Why? Even an inactive (and, in theory, encrypted) connection might be a potential security risk?

    • Official post

    So I believe you are suggesting that I set a very "strong" password for every user, right?


    Of course, who wouldn't? Do yourself an experiment: forward ports 80, 21 and 22 to your machine in your router. Give it a day or two and look at the auth.log file; you'll see what I am talking about. Login attempts will probably end when you use non-standard ports. Yes, it is security by obscurity, but in practical terms it works. Bots use standard ports, but if someone really wants to get in, nmap will reveal information about what software is serving on that port.


    Also, SSL/TLS is supposed to encrypt the password during the authentication process, isn't it?


    Yes, it encrypts everything, this includes login credentials.


    Why? Even an inactive (and, in theory, encrypted) connection might be a potential security risk?


    What I meant was to leave open logins in the form user/password. It is better to combine something you know (user and password) with something you have (keys/certificates). Read the SSH guide.
    SSH can also be configured to use 2FA with the Google Authenticator app. There are other security mechanisms like port knocking, but they are not easy to configure, at least not for a beginner in Linux.

  • Give it a day or two and look at the auth.log file


    Where is it?


    Bots use standard ports, but if someone really wants to get in, nmap will reveal information about what software is serving on that port.


    So, using a non-standard port number adds even more security, correct?


    It is better to combine something you know (user and password) with something you have (keys/certificates). Read the SSH guide.


    How exactly? So, isn't it true that you can't log in with the password and the key at the same time?
    Password or key, both are ways to authenticate a user on SSH, but I don't see that I must use both to log in...
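Editor's added example (not written by anyone in this thread) for the two practical points raised above: the "look at auth.log after a day or two" experiment, and combining a key with a password. On Debian-based systems the file is /var/log/auth.log (on a box without rsyslog the same lines are in `journalctl -u ssh`). The script below parses a constructed auth.log excerpt (hostname "nas", the addresses, accounts and PIDs are made up) to show what the experiment produces: failed password attempts per source address and per account, and, the thing you actually want to know, whether any address that was guessing later got an accepted login. It also writes an sshd drop-in using OpenSSH's `AuthenticationMethods publickey,password` directive, which makes sshd require the key first and then the password for the same login; this is the direct answer to "can I use both at once". The drop-in path and the assumption that /etc/ssh/sshd_config contains `Include /etc/ssh/sshd_config.d/*.conf` (the default on current Debian) are mine, not the thread's.

```shell
#!/bin/sh
# Added example, not from the thread. Constructed /var/log/auth.log excerpt:
# hostname "nas", PIDs, accounts and the source addresses are all made up.
SAMPLE_AUTH_LOG=$(cat <<'EOF'
Mar  3 02:14:07 nas sshd[1201]: Failed password for root from 203.0.113.17 port 51234 ssh2
Mar  3 02:14:09 nas sshd[1201]: Failed password for root from 203.0.113.17 port 51234 ssh2
Mar  3 02:14:12 nas sshd[1203]: Failed password for invalid user admin from 203.0.113.17 port 51240 ssh2
Mar  3 02:15:01 nas sshd[1210]: Failed password for invalid user pi from 198.51.100.8 port 40012 ssh2
Mar  3 02:15:04 nas sshd[1210]: Failed password for invalid user oracle from 198.51.100.8 port 40013 ssh2
Mar  3 02:16:30 nas sshd[1215]: Accepted publickey for alice from 192.168.1.20 port 55100 ssh2
Mar  3 02:20:15 nas sshd[1222]: Accepted password for bob from 203.0.113.17 port 51300 ssh2
EOF
)

# Write the constructed sample to a temp file and print its path. The functions
# below take a log path, so on a real box pass /var/log/auth.log instead.
sample_log_file() {
    f=$(mktemp) || return 1
    printf '%s\n' "$SAMPLE_AUTH_LOG" > "$f"
    printf '%s\n' "$f"
}

# Failed password attempts per source address, most active first ("count ip").
failed_by_ip() {
    awk '/sshd\[[0-9]+\]: Failed password for/ {
            for (i = 1; i <= NF; i++) if ($i == "from") ips[$(i+1)]++
         }
         END { for (ip in ips) print ips[ip], ip }' "$1" | sort -rn
}

# Failed password attempts per account; accounts that do not exist on the box
# are tagged, because those are the dictionary names bots try first.
failed_by_user() {
    awk '/sshd\[[0-9]+\]: Failed password for/ {
            for (i = 1; i <= NF; i++) if ($i == "from") {
                tag = ($(i-3) == "invalid") ? " (no such account)" : ""
                users[$(i-1) tag]++
            }
         }
         END { for (u in users) print users[u], u }' "$1" | sort -rn
}

# Accepted logins whose source address also produced failed attempts earlier
# in the file ("ip user"). An empty result is what you want to see.
accepted_from_brute_forcers() {
    awk '/sshd\[[0-9]+\]: Failed password for/ {
            for (i = 1; i <= NF; i++) if ($i == "from") bad[$(i+1)] = 1
         }
         /sshd\[[0-9]+\]: Accepted (password|publickey) for/ {
            for (i = 1; i <= NF; i++)
                if ($i == "from" && ($(i+1) in bad)) print $(i+1), $(i-1)
         }' "$1"
}

# Write an sshd drop-in that requires a key AND the password for every login.
# $1 is the target path; on a real system use /etc/ssh/sshd_config.d/50-hardening.conf
# (assumes the main sshd_config has "Include /etc/ssh/sshd_config.d/*.conf").
write_sshd_dropin() {
    cat > "$1" <<'EOF'
# A comma-separated list is a chain that must succeed in order: the client
# must present an authorized key first, then the account password.
AuthenticationMethods publickey,password
PubkeyAuthentication yes
PasswordAuthentication yes
PermitRootLogin no
MaxAuthTries 3
EOF
}

demo() {
    log=$(sample_log_file)
    echo "== failed password attempts per source IP";   failed_by_ip "$log"
    echo "== failed password attempts per account";     failed_by_user "$log"
    echo "== accepted logins from addresses that were guessing"; accepted_from_brute_forcers "$log"
    conf=$(mktemp)
    write_sshd_dropin "$conf"
    echo "== sshd drop-in ($conf)"; cat "$conf"
    rm -f "$log" "$conf"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Run it with `--demo` to see the three summaries and the drop-in. Before restarting sshd with the drop-in in place, run `sshd -t` so a typo cannot lock you out, and keep an existing session open until a fresh login with key plus password has been confirmed. Note that the drop-in only governs SSH/SFTP; a plain FTP daemon has its own log and its own configuration.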
