On Wednesday 11 May 2005 08:29 pm, John Summerfied wrote: > grim wrote: snip > At work I've tried using a password generator for users' passwords. It's > a nice idea. but the staff are completely unable to cope with them. In > practice, either I need to know them too or I forever need to reset them. > > One thing I learned after one user's account was cracked (I didn't > assign that password) is to have incoming ssh on a box that doesn't host > mail and other user services. If someone uses (assuming it's possible) > ftp, email or http to enumerate users, the users they find mostly don't > have user accounts on the machine running sshd. > > Users not having login rights have /bin/true, /bin/false, /bin/nologin > or similar for their login shell. > > > I personally don't see the merit on changing the ssh port; if it's > configured sensibly that gains inconvenience, nothing else. > Cheers > John Patterns on the keyboard are a good way to go as far as password generation. Something such as qazwsx123 (try typing it out on a "qwerty" keyboard). -- John H Ludwig Common sense is so rare, why do they call it common!!! I'm not schitziod! I got better tomorrow.
