annoying brute force attack attempt using ssh
Patrick O'Callaghan
pocallaghan at gmail.com
Thu May 15 22:18:29 UTC 2008
On Thu, 2008-05-15 at 14:41 -0700, Wolfgang S. Rupprecht wrote:
> "jeff emminger" <jemminger at gmail.com> writes:
> > isn't password authentication insecure? why not set
> > "PasswordAuthentication no" and use ssh keys, and maybe port-knocking
> > too
>
> My feeling exactly. You have no control over how stupid a password
> users will pick. The only control you have is to not allow passwords
> in the first place and insist on at least a 1k-bit (hopefully random)
> key.
Then you just have to hope the users' machines aren't vulnerable ...
poc
More information about the fedora-list
mailing list