On Thu, 2008-05-15 at 17:45 -0500, Mikkel L. Ellertson wrote:
> Patrick O'Callaghan wrote:
> > On Thu, 2008-05-15 at 14:41 -0700, Wolfgang S. Rupprecht wrote:
> >> "jeff emminger" <jemminger@xxxxxxxxx> writes:
> >>> isn't password authentication insecure? why not set
> >>> "PasswordAuthentication no" and use ssh keys, and maybe port-knocking
> >>> too
> >> My feeling exactly. You have no control over how stupid a password
> >> users will pick. The only control you have is to not allow passwords
> >> in the first place and insist on at least a 1k-bit (hopefully random)
> >> key.
> >
> > Then you just have to hope the users' machines aren't vulnerable ...
> >
> > poc
> >
> Or at least they use a pass-phrase protected key, and a good phrase.

And aren't root-kitted and don't have a keyboard logger ... there's no
end to how paranoid you can be, and not everything is valuable enough to
be worth the hassle. That's what makes security interesting :-)

poc