"jdow" <jdow@xxxxxxxxxxxxx> writes: > It's possible to configure a firewall to give one shot every three minutes > to logging in via ssh. It is possible, but not usually done that way. The ssh-attacking programs are pretty good at hammering sshd. If any of the users of the machine have a password that is in its attack dictionary, then your out of luck. You'd be surprised how many folks pick utterly crap passwords. When I spot checked a machine I helped run against a common attack dictionary, a full 15% fell to it. That was only a 50k word dictionary too. The ssh attack programs I saw could run through that in under a day. Better would be to just allow RSA (or DSA) and make the attacker guess a 1024-bit *computer* generated key. > How long do you think it would take to guess "12345678" as a password > at one try every three seconds? (Or for the real paranoids one try > every three minutes.) Sure, if you use computer generated passwords and they have a white-noise distribution across the whole search space then you would also be safe. -wolfgang -- Wolfgang S. Rupprecht http://www.full-steam.org/ (ipv6-only) You may need to config 6to4 to see the above pages. -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
