I just wrote that up yesterday, but I've been doing this for years. Though I almost always use key-based auth, it's nice to be able to securely log in from a computer that is not one of mine.
@nixCraft I regret to inform TechRadar is terrible and full of bs. I know only one #tech news website as bad as TR. I highly recommend not to read it at all. #technology#TechNews
@kkarhan@nixCraft In my experience Verge isn't quite on the same level of absurd as TR, but I don't have time to read it regularly. The other website I was thinking of is Spider's Web, but it's Polish.
At least ComputerBILD does include a glossary for all the #TechIlliterates but they could've gotten that by reading the first paragraph of a #Wikipedia article instead of paying for some shitty ad-laced magazine...
@kkarhan@nixCraft I agree the landscape is bad, I pretty much resigned from following any particular tech news website and learn about things from friends and/or random people. Of course I verify if it's something I care about.
@nixCraft The sad thing is there actually has been a very recent major SSH exploit found and they're basically capitalizing on that. Instead of talking about that they just seem to have made a cheap, hastily thrown together unrelated article that is, as you said, clickbait.
@nixCraft my solution: don't port forward my ssh so unless they connect to my secure network at the exact time I happen to be hosting an ssh seever, which is usually for under a day, and then manage to guess my username and password, I think I'm fine.
@nixCraft
Years ago a graduate student connected RPi with default password and ssh enabled to our experimental (=fully open) network segment. Someone managed to log in just 23 seconds after his first login.
Bad passwords, allowing password authentication and no fail2ban is just as bad idea as it has ever been. Furthermore, most systems could just limit ssh access only from trusted networks, so you need to have to keep better eye to one or few jumphosts for ssh -J jump.example.com (or use VPN).
@nixCraft pubkey only + random valid port number which I wrote into .ssh/config on the client side. I don't think a single scanner ever came across the 5 digit port...
@nixCraft
i will make an admission. one my linux installation got hacked many years ago. basically it was my idiotic mistake. i forgot to shutdown ssh server or firewall it. good news was that it was simplistic ddos attack script.
Add comment