Security....

Rodolfo J. Paiz rpaiz at simpaticus.com
Wed Oct 27 18:24:59 UTC 2004


On Wed, 2004-10-27 at 14:09 -0400, Scot L. Harris wrote:
> So how many ssh attempts per second can one system sustain, assuming the
> attempts are from multiple systems hitting at the same time?  :)
> 

Honestly, beats me. But since I limit access using AllowUsers
in /etc/ssh/sshd_config and since I primarily use certificates to log in
rather than passwords, they're not going to get in within my lifetime.
<grin>

Even when I do use passwords (and assuming the 8-char "standard"), I
always have at least one upper- and lower-case letter, one number, and
one special char. So that's actually 94^8 = 6,095,689,385,410,816 or
about 6.1 x 10^15.

If I did my quick figures right, they'd have to exceed 1.93 million
attempts per second to be statistically likely to crack my box in less
than 100 years. Not bloody likely, and still very secure. <grin>

Cheers,

-- 
Rodolfo J. Paiz <rpaiz at simpaticus.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20041027/d828c8dc/attachment-0001.sig>


More information about the fedora-list mailing list