2
I have a macbook that I've managed to expose (using port forwarding) to the world. It works nicely but I'm worried that, while it's not pingable or otherwise detectable, it might get detected and exploited.
What are the main types of security I should look into for this? Also: would it be more (or less) secure to ONLY expose ssh instead of VNC?
Dan Rosenstark
Posted 2011-04-02T17:36:47.503
Reputation: 5 718
1
Using ssh
Shut off passwords and use only DSA (or RSA) authentication. Set it up as detailed here under "Using DSA public key authentication" (and the list includes more things).
Then disable SSH password authentication entirely, so if you don't have the right id_rsa file, you can't get in. This is detailed here.
Also change the default port for ssh. This seems silly but it's not at all. See the comments in the second link above. To actually do it, use the stuff here.
Using VNC
Do NOT use VNC from the outside. Tunnel it through SSH. This is actually pretty easy to work out.
Dan Rosenstark
Posted 2011-04-02T17:36:47.503
Reputation: 5 718