Re: Securing SSH

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: fedora-list@xxxxxxxxxx
Subject: Re: Securing SSH
From: "Wolfgang S. Rupprecht" <wolfgang+gnus200605@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Tue, 23 May 2006 11:48:45 -0700
Cancel-lock: sha1:WvwZaNtInHGf0WCvrGtuqC6WBDM=
Organization: W S Rupprecht Computer Consulting, Fremont CA
References: <14CFC56C96D8554AA0B8969DB825FEA0012B32A3@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> <200605231753.k4NHrRKw011326@xxxxxxxxxxxxx>
Reply-to: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>
User-agent: Gnus/5.1008 (Gnus v5.10.8) Emacs/21.4 (berkeley-unix)

Reg Clemens <reg@xxxxxxx> writes:
>         I mean, I trust ssh, its just the time waisted reviewing the
>         logs that this solves.

I trust ssh too, but I'm not sure my passwords are *that* good. ;-)

Some of those folks were pounding hard enough that they could have
gone through a good sized dictionary a few times, injecting different
non-alphabetics and "l33t-sp33k" substitutions over the course of a
few days.

I'm now a strong believer in using "PasswordAuthentication no" in
sshd_config and only allowing rsa/dsa authentication.  Forcing the
kiddies to guess a 1k-bit long key is going to put a real crimp in
their time tables.

(An old cheat-sheet I put together a while back for some technical but
non-computer folks: http://www.wsrcc.com/wolfgang/sshd-config.html  )

-wolfgang
-- 
Wolfgang S. Rupprecht                http://www.wsrcc.com/wolfgang/

References:
- Securing SSH
  - From: Brian D. McGrew
- Re: Securing SSH
  - From: Reg Clemens

Prev by Date: Re: File Permissions problem : Cry for HELP
Next by Date: Re: FC5: Sendmail error
Previous by thread: Re: Securing SSH
Next by thread: Re: Securing SSH
Index(es):
- Date
- Thread

[Index of Archives] [Current Fedora Users] [Fedora Desktop] [Fedora SELinux] [Yosemite News] [Yosemite Photos] [KDE Users] [Fedora Tools] [Fedora Docs]

Powered by Linux