[CentOS] Server Hacked: Cpanel

Wed Aug 9 17:15:29 UTC 2006
William L. Maltby <BillsCentOS at triad.rr.com>

On Wed, 2006-08-09 at 14:01 -0300, Rodrigo Barbosa wrote:
> On Wed, Aug 09, 2006 at 12:40:17PM -0400, Chris Mauritz wrote:
> ><snip>

> I have been using one One Time Password method or another to allow my
> users to have ssh access to their areas these days. Works great,
> as long as they are new users. Old users might complain if you
> make things "more difficult" for them.

As you know, I've never been afraid of exposing my ignorance. So, a Q.

From my reading learning to use SSH and such I saw recommendations that
login/password not be allowed where possible. So I did the public key
things and exported them around my little nichework. My theory being
that it is harder to get in and compromise things if there is no
login/password pair for someone to "snoop".

My question is: is there a scenario where the public key based solution
is just totally inappropriate? Am I overrating the value of going
"passwordless"?

I'm also using an IPCop firewall w/no access from the 'net for now. But
if/when I "open 'er up" a little, I would like to believe I'm doing the
best job I can.

> Rodrigo Barbosa
> <snip sig stuff>

TIA
-- 
Bill