On Wednesday, August 28, 2019 2:45:37 AM MST Björn Persson wrote:
If an attacker guesses your passphrase, then it's your weak
passphrase
that allows them to break in.
No. Having it wide open to the network means it can be broken, even through
brute force if necessary.
(That said, I'd be in favor of tightening the default SSHD
configuration to allow only public key authentication, as long as it
would still be possible to gain initial access to a freshly installed
headless server.)
That would make it hard for "our moms and dads" to use, so I'm not sure
that's
a good idea.
I have no idea what you mean by "running local".
A program that binds either your currently configured interface(s) or all
interfaces by default. These are not at all uncommon. Some of them are
designed for local access only, and yet they still bind all interfaces.
--
John M. Harris, Jr. <johnmh(a)splentity.com>
Splentity
https://splentity.com/