
Re: SSHd



On Sunday 20 August 2006 05:26am, Rahul wrote:
> Arthur Pemberton wrote:
> > I second that, however I would suggest going further and having
> > something denyhosts like in place or are we going with the assumption
> > that anyone owning a FC installation will be setting a good password,
> > or a weak password with the knowledge that SSHd is running?
>
> passwd program has checks in place to ensure that poor passwords are
> rejected and yes if you have the root password on the system there is a
> question of common sense too.

Yeah, well, the standard checks that passwd does aren't all that great.  
They'll only cover the weakest of weak passwords and not in all possible ways 
either.  It's rather trivial to modify a weak password so that it gets by 
this.  Mind you, I'm talking about Fedora's default configuration, here; 
cracklib can be configured to make things better.

Perhaps we should consider *a small amount* of tightening of this default 
configuration.
-- 
Lamont R. Peterson <lamont gurulabs com>
Senior Instructor
Guru Labs, L.C. [ http://www.GuruLabs.com/ ]

NOTE:  All messages from this email address should be digitally signed with my
       0xDC0DD409 GPG key. It is available on the pgp.mit.edu keyserver as
       well as other keyservers that sync with MIT's.


