Creating and managing keys for password-less logins

The Secure Shell Suite, or SSH, is a great set of tools that provides secure, encrypted communications with remote servers. You can use the SSH component to log in to the command line of a remote machine, and you can use either scp or sftp to securely transfer files. The default way to use any of these SSH components is to use the username and password of a person's normal Linux user account. So, logging into a remote machine from the terminal of my OpenSUSE workstation would look something like:

donnie@linux-0ro8:~> ssh [email protected]
[email protected]'s password:

While it's true that the username and password go across the network in an encrypted format, making it hard for malicious actors to intercept, it's still not the most secure way of doing business. The problem is that attackers have access to automated tools that can perform brute-force password attacks against an SSH server. Botnets, such as the Hail Mary Cloud, perform continuous scans across the internet to find internet-facing servers with SSH enabled. If a botnet finds that the servers allow SSH access via username and password, it will then launch a brute-force password attack. Sadly, such attacks have been successful quite a few times, especially when the server operators allow the root user to log in via SSH. 

This older article gives more details about the Hail Mary Cloud botnet: http://futurismic.com/2009/11/16/the-hail-mary-cloud-slow-but-steady-brute-force-password-guessing-botnet/

In the next section, we'll look at two ways to help prevent these types of attacks:

  • Enable SSH logins through an exchange of public keys
  • Disable the root user login through SSH
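
To check whether a server already has these two protections in place, the following added example (not code from the book) audits an sshd_config file for password logins and root logins. The function names effective_value and audit_sshd and the sample file are constructed for illustration; it assumes whitespace-separated keywords, no Include files, and current OpenSSH defaults for unset keywords.

```shell
#!/bin/sh
# Added example (not from the book): audit sshd_config for the two settings above.
# Assumptions: keyword and value are whitespace-separated, no Include files,
# and unset keywords fall back to current OpenSSH defaults.

# effective_value FILE KEYWORD DEFAULT
# sshd uses the first value it reads for a keyword; keywords are
# case-insensitive; lines after the first Match block apply conditionally.
effective_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || NF == 0 { next }            # comments and blank lines
        tolower($1) == "match" { exit }           # global section ends here
        tolower($1) == key { val = tolower($2); exit }
        END { print (val != "" ? val : def) }
    ' "$1"
}

# audit_sshd FILE: prints findings; returns 0 only if both settings are "no".
audit_sshd() {
    rc=0
    pw=$(effective_value "$1" PasswordAuthentication yes)
    root=$(effective_value "$1" PermitRootLogin prohibit-password)
    if [ "$pw" != "no" ]; then
        echo "WEAK PasswordAuthentication=$pw: passwords can be guessed remotely"
        rc=1
    fi
    if [ "$root" != "no" ]; then
        echo "WEAK PermitRootLogin=$root: root is reachable over SSH"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK key-only logins, root login disabled"
    return "$rc"
}

# Constructed sample: the commented-out line is ignored, and the second
# PermitRootLogin never takes effect because the first occurrence wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PasswordAuthentication no
permitrootlogin yes
PermitRootLogin no
PubkeyAuthentication yes
EOF
audit_sshd "$sample" || echo "-> harden this file before exposing the server"
rm -f "$sample"
```

On a live server, running `sshd -T` as root prints the effective configuration, including values pulled in from Include files.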