Securing SSH
Wolfgang S. Rupprecht
wolfgang+gnus200605 at dailyplanet.dontspam.wsrcc.com
Tue May 23 18:48:45 UTC 2006
Reg Clemens <reg at dwf.com> writes:
> I mean, I trust ssh, its just the time waisted reviewing the
> logs that this solves.
I trust ssh too, but I'm not sure my passwords are *that* good. ;-)
Some of those folks were pounding hard enough that they could have
gone through a good sized dictionary a few times, injecting different
non-alphabetics and "l33t-sp33k" substitutions over the course of a
few days.
I'm now a strong believer in using "PasswordAuthentication no" in
sshd_config and only allowing rsa/dsa authentication. Forcing the
kiddies to guess a 1k-bit long key is going to put a real crimp in
their time tables.
(An old cheat-sheet I put together a while back for some technical but
non-computer folks: http://www.wsrcc.com/wolfgang/sshd-config.html )
-wolfgang
--
Wolfgang S. Rupprecht http://www.wsrcc.com/wolfgang/
More information about the fedora-list
mailing list