[mythtv-users] Securing mythweb
mythtv at ncc1701.serveftp.net
Wed Feb 10 20:57:13 UTC 2010
> I use my broadband router to map a different port, only have one user
> to SSH in, and the password is 12+ characters with a mix of cases,
> and punctuation. No problems yet!
It's not *your* password that is the problem.
Unless you ensure the sshd_config contains the equivalent of
PasswordAuthentication no (Force the use of certificates, which are
easier than they may initially sound)
You are at risk of all the "default" and "system" accounts on the box
if they have passwords other than '*' (login disabled).
My mostly generic mythbuntu install has 37 users in /etc/passwd. Rather
than audit them, I
use the options above to allow only what I want.
# grep User.*not.allowed.because.not.listed.in.AllowUsers
I use the default port 22... glutton for punishment I suppose.
More information about the mythtv-users