Is ssh not safe?

[jludwig]

On Sat, 2004-07-24 at 13:37, Michael Sullivan wrote:
> I've been following the "Hack Attempts" thread and I've come to the
> conclusion that having my router route port 22 requests through to my
> server PC is not safe.  Here's my situation.  I use my server PC for web
> hosting and email.  Most of my users access their accounts from outside
> the router (my network is based in my apartment and my wife and I are
> the only ones who use it here.)  I don't users telnetting in because of
> the security risk (I don't quite understand this, but I've read about it
> in more than one place, so it's probably true), so I've enabled ssh so
> that they can log in and change their passwords if need be.  They upload
> their web pages through FTP, supplying their username and password. 
> Spammers try to use the mail server every day - I have to read about it
> in my daily Logwatch, but I don't think they ever succeed.  I should
> probably keep a closer eye on the logs.  Is there a way for users to
> change their passwords through their FTP clients?  Or is there a safer
> way to allow them to change their passwords?
I have at least skimmed all the posts to this thread. 

IMHO greater concern should be placed in spyware and rootkits which
would allow for gathering user names and passwords directly off the
host.

No use locking the front door if the back door is wide open.
-- 
jludwig <wralphie at comcast.net>