ssh: Permission denied
Mikkel L. Ellertson
mikkel at infinity-ltd.com
Fri Dec 22 22:30:52 UTC 2006
Donald Tripp wrote:
> But think of it this way: you see all those log files with people trying
> to GUESS usernames: fred, mary, joe, jane.... wouldn't it be better to
> NOT allow root access so they MUST guess your username as well as key,
> and password? Three phase authentication is always better than two!
>
It is even better not to allow password login at all. If you use key
pairs for authorization, then they have first get your private key,
then guess your pass phrase for the key. If they manage that, then
they can try to guess the root password, or a local exploit that
will let them become root... (If they know enough to get your
private key, I figure they already know the user name...)
Mikkel
--
Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!
More information about the fedora-list
mailing list