Re: annoying brute force attack attempt using ssh

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


Patrick O'Callaghan wrote:
On Thu, 2008-05-15 at 14:41 -0700, Wolfgang S. Rupprecht wrote:
"jeff emminger" <[email protected]> writes:
isn't password authentication insecure?  why not set
"PasswordAuthentication no" and use ssh keys, and maybe port-knocking
My feeling exactly.  You have no control over how stupid a password
users will pick.  The only control you have is to not allow passwords
in the first place and insist on at least a 1k-bit (hopefully random)
Then you just have to hope the users' machines aren't vulnerable ...


Or at least they use a pass-phrase protected key, and a good phrase.


  Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!

Attachment: signature.asc
Description: OpenPGP digital signature

fedora-list mailing list
[email protected]
To unsubscribe:

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux