Glenn Lovitz said: > Ooooops on port 22 not 23-- my bad! > > For the rest - JEEEEZ! - I was really answering a VPN question - not > trying to > also add a full discourse on SSH.
Which is good because this is a VNC list. SSH does come up often though (and I do have one nit to pick below). > Yes, I also allow SSH2 only. I originally used PK Auth only, but switched > back > to password (NEVER stored in putty) because I carry a disk around to use > from > remote computers. If my disk falls into unwanted hands and contains the > file > with my public key it can be just as bad if the passphrase is guessed or > known > by others which may give one a false sense of security. BTW, our > CheckPoint > FW-1 also requires firewall authentication to allow port traversal. Security of the passphrase (itself) and your password are about the same. The difference is that to be able to used a guessed passphrase they also need the key file. On top of that, they need that key file without my knowledge. But if you pick a good passphrase the will have trouble guessing it. If the disk does fall in the wrong hands you can just remove that key from the ~/.ssh/authorized_keys file and it won't matter if they can figure out the passphrase or not. [snip] -- William Hooper _______________________________________________ VNC-List mailing list [EMAIL PROTECTED] To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list
