annoying brute force attack attempt using ssh
Mikkel L. Ellertson
mikkel at infinity-ltd.com
Thu May 15 22:45:20 UTC 2008
Patrick O'Callaghan wrote:
> On Thu, 2008-05-15 at 14:41 -0700, Wolfgang S. Rupprecht wrote:
>> "jeff emminger" <jemminger at gmail.com> writes:
>>> isn't password authentication insecure? why not set
>>> "PasswordAuthentication no" and use ssh keys, and maybe port-knocking
>>> too
>> My feeling exactly. You have no control over how stupid a password
>> users will pick. The only control you have is to not allow passwords
>> in the first place and insist on at least a 1k-bit (hopefully random)
>> key.
>
> Then you just have to hope the users' machines aren't vulnerable ...
>
> poc
>
Or at least they use a pass-phrase protected key, and a good phrase.
Mikkel
--
Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!
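The two checks discussed in this thread (password logins disabled on the server, private keys stored under a pass-phrase), sketched as an added example that is not part of the original message. The function names and sample inputs are constructed for illustration; the key check goes beyond the 2008-era PEM files and also covers the newer OpenSSH and PKCS#8 formats.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"

def password_auth_enabled(sshd_config_text):
    """Global PasswordAuthentication value. sshd keeps the first value it
    reads for a keyword and defaults to 'yes'. Include/Match not evaluated."""
    for raw in sshd_config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        keyword = parts[0].lower()
        if keyword == "match":  # conditional overrides follow; stop here
            break
        if keyword == "passwordauthentication" and len(parts) > 1:
            return parts[1].lower() != "no"
    return True

def key_is_passphrase_protected(private_key_text):
    """True if the private key file is stored encrypted."""
    lines = [l.strip() for l in private_key_text.strip().splitlines()]
    if lines[0] == "-----BEGIN ENCRYPTED PRIVATE KEY-----":  # PKCS#8
        return True
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(MAGIC):
            raise ValueError("not an openssh-key-v1 blob")
        (n,) = struct.unpack_from(">I", blob, len(MAGIC))
        start = len(MAGIC) + 4
        return blob[start:start + n] != b"none"  # cipher name field
    # Legacy PEM keys flag encryption in a Proc-Type header.
    return any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines)

def sample_openssh_key(cipher):
    """Constructed header-only blob (no key material) for the demo."""
    body = MAGIC + struct.pack(">I", len(cipher)) + cipher + b"\x00" * 8
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n"
            + base64.b64encode(body).decode()
            + "\n-----END OPENSSH PRIVATE KEY-----\n")

# Constructed sample inputs (no real key material).
SAMPLE_CONFIG = "Port 22\npasswordauthentication = no\nPasswordAuthentication yes\n"
SAMPLE_LEGACY_KEY = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                     "DEK-Info: AES-128-CBC,00000000000000000000000000000000\n"
                     "\n-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    print(password_auth_enabled(SAMPLE_CONFIG), key_is_passphrase_protected(SAMPLE_LEGACY_KEY))
```

On a live host, `sshd -T` prints the effective server configuration, including anything pulled in from other files.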