Changing username as a security measure? (ssh via router port forward)

ngoonee · 2016-04-26 02:58:43

I'm running password-less SSH (key only) with no root login enabled. Using a high-numbered port.

Have not (yet?) set up fail2ban, since there's only this one port open/forwarded, and I don't allow password logins anyway. May set that up in future.

I'm trying to build up to (at least) and owncloud install and LAN-only NAS. However I'm wondering how much extra security comes from changing user names. Should it be different from my own username (on my laptop), should it be changed from the default (this is Arch Linux ARM which defaults to ARM), or should it be some long string?

As I understand it the username is almost incidental to security when using SSH keys, but would like some confirmation.

P.S. - While this particular system is using Arch Linux ARM the question doesn't seem to be at all specific to that.

ewaller · 2016-04-26 03:34:07

Hey, old friend. Good to see you about and around.

IMHO, none of those measures would provide any additional security. Fail2Ban won't see any activity. Changing user names won't help much -- a random attacker won't know your username anyway, and with key only log on, I don't think they get any feedback. Using a different user name reduces the convenience factor to you by an order of magnitude.

ssh keys are golden.

jasonwryan · 2016-04-26 03:49:42

Agree with ewaller. The only thing I would add is, in addition to the other SSH options you have enabled, restrict logins to your user.

ngoonee · 2016-04-26 03:51:13

Thanks ewaller. Life has changed a whole lot (I see you've been prolific since I've last been reasonably active too).

That was pretty much my read as well. The NSA leaks are worrisome, but I doubt I can do much about that beyond using 4096-bit keys. Ideally I'd use passwords on my keys as well, but automatic-backups and passwords don't really play well together

EDIT: Oh hi jason! Is there any additional security to adding a user restriction if I only have a couple of SSH keys in authorized_keys anyway?

Last edited by ngoonee (2016-04-26 03:52:00)

jasonwryan · 2016-04-26 03:59:59

It just further narrows the range of possibilities. The narrower the gap, the less you have to worry about...

ngoonee · 2016-04-28 01:17:29

jasonwryan wrote:

It just further narrows the range of possibilities. The narrower the gap, the less you have to worry about...

Fair enough I suppose. Thanks.

Arch Linux

#1 2016-04-26 02:58:43

Changing username as a security measure? (ssh via router port forward)

#2 2016-04-26 03:34:07

Re: Changing username as a security measure? (ssh via router port forward)

#3 2016-04-26 03:49:42

Re: Changing username as a security measure? (ssh via router port forward)

#4 2016-04-26 03:51:13

Re: Changing username as a security measure? (ssh via router port forward)

#5 2016-04-26 03:59:59

Re: Changing username as a security measure? (ssh via router port forward)

#6 2016-04-28 01:17:29

Re: Changing username as a security measure? (ssh via router port forward)

Board footer