On Wed, 2007-10-03 at 15:46 -0600, Karl Larsen wrote:
> Until you can convince me that my system is at risk from ssh when
> using a real password I am going to sleep well.

The problem with that, initially, is that ssh will let someone repeatedly try to log in, without complaint. You'd need some additional software to auto-ban repeated fails (mentioned elsewhere in this thread, and others like it).

It is a bit CPU-intensive for your SSH to do the usual checks as someone logs on. You can see that when you log in over SSH, yourself, it takes a while to respond. If you didn't do the auto-banning thing, one hacker can increase the work load on your PC; perhaps significantly.

If you were getting a plethora of connection attempts from different sources, then firewalling would be the way to go (only allow through connections from some trusted locations, rather than try to go banning the problem ones). The workload for firewalling this will be less than the workload for the SSH server trying to authenticate each attempt, failed or otherwise.

-- 
(This box runs FC5, my others run FC4 & FC6, in case that's important to the thread.)

Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists.
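
The auto-banning mentioned in the message above, sketched as an added example that is not part of the original post or taken from any particular tool: it scans sshd "Failed password" syslog lines and reports each source address that reaches a failure threshold inside a sliding time window. The log lines, addresses, thresholds and the function name `ban_candidates` are constructed for illustration, and the year is assumed because syslog timestamps omit it.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# OpenSSH syslog line for a rejected password (valid or invalid user name).
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+"
)

# Constructed sample log; the addresses come from documentation ranges.
SAMPLE_LOG = """\
Oct  3 15:40:01 box sshd[2101]: Failed password for root from 203.0.113.5 port 40001 ssh2
Oct  3 15:40:03 box sshd[2102]: Failed password for invalid user admin from 203.0.113.5 port 40002 ssh2
Oct  3 15:40:05 box sshd[2103]: Failed password for invalid user test from 203.0.113.5 port 40003 ssh2
Oct  3 15:40:07 box sshd[2104]: Failed password for root from 203.0.113.5 port 40004 ssh2
Oct  3 15:40:09 box sshd[2105]: Failed password for root from 203.0.113.5 port 40005 ssh2
Oct  3 15:41:00 box sshd[2110]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Oct  3 15:41:20 box sshd[2111]: Accepted password for alice from 198.51.100.7 port 51001 ssh2
""".splitlines()


def ban_candidates(lines, max_fails=5, window_s=600, year=2007):
    """Map each offending source IP to the time it reached max_fails
    failed logins within window_s seconds (year is an assumption)."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    flagged = {}
    for line in lines:
        m = FAILED.match(line)
        if not m or m["ip"] in flagged:
            continue
        stamp = " ".join(m["ts"].split())          # collapse "Oct  3"
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:                  # drop failures outside window
            q.popleft()
        if len(q) >= max_fails:
            flagged[m["ip"]] = ts
    return flagged


if __name__ == "__main__":
    for ip, when in ban_candidates(SAMPLE_LOG).items():
        print(f"{ip} reached the failure threshold at {when}")
```

A single mistyped password followed by a successful login, as from 198.51.100.7 in the sample, stays below the threshold and is not flagged.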