Re: ssh: Permission denied
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Dylan Semler wrote:
...snip...
However, if you use an 8-digit password with capital and lowercase
letters, numbers, and symbols, there are 8^( 26*2 + 10*2 + 20 ) = 8^92
= 1.21e83 possible passwords. Since ssh waits about a second after
each incorrect password and there have been only 3.32e17 seconds in
the history of the universe, it seems scritcly /impossible/ for a
password to be guessed. So the risk must not be from password-bots.
What is the risk then?
That is not the larger danger. The larger danger is that someone will
find and publish an exploit for ssh2 as root That did happen to ssh1,
and is why you should never allow ssh1 protocol to the Internet,
ESPECIALLY if you allow root logins. ssh1 is still supported
(thankfully) for compatibility with older systems. It is not meant to
be used otherwise.
In that case if you allow root logins from ssh an exploiter can access
your system as root, even without password guessing.
It is always best to avoid those possibilities. Turn off ssh1 and root
access via ssh. See my other post in this thread for how to:
Also, right now I set up sudo so it doesn't prompt for passwords, so
in effect, any user that logs in can become root. Is this very very
bad as well?
Once a person is on your system, its too late. Its only a minor
inconvenience for the hacker when you disallow sudo, but I do it anyway.
It is most common for a hacker to install a 'root kit' instead. There
are still several that will work. And on older systems ... well he can
just pick one. :)
By allowing open sudo, maybe a bud of yours will install a root kit for
fun when you though he was playing on your new PS3 in there. :)
[Index of Archives]
[Current Fedora Users]
[Fedora Desktop]
[Fedora SELinux]
[Yosemite News]
[Yosemite Photos]
[KDE Users]
[Fedora Tools]
[Fedora Docs]
