[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Securing SSH



Reg Clemens <reg dwf com> writes:
>         I mean, I trust ssh, its just the time waisted reviewing the
>         logs that this solves.

I trust ssh too, but I'm not sure my passwords are *that* good. ;-)

Some of those folks were pounding hard enough that they could have
gone through a good sized dictionary a few times, injecting different
non-alphabetics and "l33t-sp33k" substitutions over the course of a
few days.

I'm now a strong believer in using "PasswordAuthentication no" in
sshd_config and only allowing rsa/dsa authentication.  Forcing the
kiddies to guess a 1k-bit long key is going to put a real crimp in
their time tables.

(An old cheat-sheet I put together a while back for some technical but
non-computer folks: http://www.wsrcc.com/wolfgang/sshd-config.html  )

-wolfgang
-- 
Wolfgang S. Rupprecht                http://www.wsrcc.com/wolfgang/


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]