[mythtv-users] Securing mythweb
MythTV
mythtv at ncc1701.serveftp.net
Wed Feb 10 20:57:13 UTC 2010
> I use my broadband router to map a different port, only have one user
> allowed to SSH in, and the password is 12+ characters with a mix of
> cases, numeric and punctuation. No problems yet!
>
> Ian
It's not *your* password that is the problem.

Unless you ensure the sshd_config contains the equivalent of

    AllowUsers myusername

and preferably

    PasswordAuthentication no    (Force the use of certificates, which are easier than they may initially sound)
    PermitRootLogin no

you are at risk of all the "default" and "system" accounts on the box
being compromised if they have passwords other than '*' (login disabled).

My mostly generic mythbuntu install has 37 users in /etc/passwd. Rather
than audit them, I use the options above to allow only what I want.
# grep User.*not.allowed.because.not.listed.in.AllowUsers /var/log/debug|wc -l
2036
I use the default port 22... glutton for punishment I suppose.
my 2c.
Dave
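
Added example (not part of Dave's message): a Python sketch of the audit the post sidesteps, listing which accounts in a shadow file have a usable password that sshd would still accept under a given sshd_config. The function names and the sample config and shadow contents are constructed for illustration; it reads only global settings (no Match blocks, DenyUsers or group rules) and treats an absent PermitRootLogin as yes.

```python
import fnmatch

# Constructed samples, not taken from any real host.
WEAK_CONFIG = "# constructed sample\nPort 22\n"
HARDENED_CONFIG = "Port 22\nAllowUsers myusername\nPermitRootLogin no\n"
KEYS_ONLY_CONFIG = HARDENED_CONFIG + "PasswordAuthentication no\n"
SAMPLE_SHADOW = """\
root:$6$constructed$hash:14650:0:99999:7:::
daemon:*:14650:0:99999:7:::
backup:!:14650:0:99999:7:::
mythtv:$6$constructed$hash:14650:0:99999:7:::
myusername:$6$constructed$hash:14650:0:99999:7:::
"""

def parse_sshd_config(text):
    """Global settings only: first value of a keyword wins, AllowUsers accumulates."""
    settings, allow = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        if not parts:
            continue
        key, args = parts[0].lower(), parts[1:]  # keywords are case-insensitive
        if key == "match":
            break  # assumption: conditional Match blocks are out of scope
        if key == "allowusers":
            allow += args
        else:
            settings.setdefault(key, " ".join(args).lower())
    return settings, allow

def guessable_accounts(sshd_config, shadow):
    """Accounts whose password could be guessed over SSH under this config."""
    settings, allow = parse_sshd_config(sshd_config)
    if settings.get("passwordauthentication", "yes") != "yes":
        return []  # key-only logins: no password is accepted at all
    root_ok = settings.get("permitrootlogin", "yes") == "yes"  # assumed default
    exposed = []
    for entry in shadow.splitlines():
        fields = entry.split(":")
        if len(fields) < 2 or not fields[1] or fields[1][0] in "!*":
            continue  # malformed, empty, or locked ('*' / '!') password field
        user = fields[0]
        if user == "root" and not root_ok:
            continue
        # Assumption: AllowUsers patterns use only '*' and '?'; any @host part is ignored.
        if allow and not any(fnmatch.fnmatchcase(user, p.split("@")[0]) for p in allow):
            continue
        exposed.append(user)
    return exposed
```

On a real host the inputs would be the contents of /etc/ssh/sshd_config and /etc/shadow, read as root.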