Posted by: Anonymous
on October 20, 2007 05:11 AM
Thank you for the tutorial but
From what I read, OpenSSH is more likely to be a target on the Internet by bots looking for open port 22? Per http://secunia.com/product/ versions before 4.0 have unpatched security holes. Aren't you asking for it by running a web facing PC w/ OpenSSH. Wouldn't it be advisable to at least run OpenSSH using a user vs. a system wide configuration setting and maybe a front-end firewall appliance?
I assume your talking Red Hat here since Ubuntu's system wide configuration files are in /etc/ssh/ssh_config and user files are in ~/.ssh/config.
Ubuntu doesn't seem to have a "PermitRootLogin yes to PermitRootLogin" that I could find.
Also, shouldn't Port 22 also be enabled to the changed options for communications. It's available in Ubuntu's config file. I do not know about Red Hat.