Windows operations should be readily translatable. These instructions are from the point of view of a Mac or other unix-like client computer. If your client computer is stolen or hacked, thieves will have to crack the passphrase, hopefully giving you time to remove the public key from the server. The private key is (at least should be) encrypted with a passphrase. The client provides a single-use, randomized derivation that proves it has the private key, but which can’t lead to the key by an inverse operation, except with the public key. The keys are not even sent between the machines. This means a private key on your client computer must correspond to a public key on the FreeNAS server.
This gives you encrypted communication AND a secure authentication scheme. And of course a visit from is a distinct possibility HTTP access is less secure, and even HTTPS access relies entirely on your password, which can eventually be cracked if someone is determined.įor common mortals, the best approach is to put all remote access to your server over SSH with public key authentication.
You’ll get lots of visitors, and if you don’t shut down that port pretty soon, eventually the contents of your server will probably be in strangers’ hands and you’ll be mining bitcoins for someone and acting as a proxy server for child pornography or something. If you want to see for yourself, just give yourself a super-secure password and forward port 22 on your router to the server, and keep an eye on /var/log/auth.log. Not being a computer professional, I was surprised to find out how often people were sniffing around trying to get in. After I set up FreeNAS and got comfortable with it, I began to explore accessing it remotely over the internet.
0 kommentar(er)
