[CentOS] what percent of time are there unpatched exploits against default config?

Alex Milojkovic centos at businessforce.ca
Fri Dec 30 09:55:41 UTC 2011


There is a concept called dynamic firewall I am working on that should eliminate any brute force attempts. If you think about it, if you know someone is trying to break in there is no need to give them access to the server any more. So after a hundred wrong passwords you cut them off.


Reindl Harald <h.reindl at thelounge.net> wrote:

>
>
>On 29.12.2011 12:56, Leonard den Ottolander wrote:
>> Hello Reindl,
>> 
>> On Thu, 2011-12-29 at 12:29 +0100, Reindl Harald wrote:
>>> On 29.12.2011 09:17, Bennett Haselton wrote:
>>>> Even though the ssh key is more
>>>> random, they're both sufficiently random that it would take at least
>>>> hundreds of years to get in by trial and error.
>> 
>>> if you really think your 12-chars password is as secure
>>> as a ssh-key protected with this password you should
>>> consider to take some education in security
>> 
>> Bennett clearly states that he understands the ssh key is more random,
>> but wonders why a 12 char password (of roughly 6 bits entropy per byte
>> assuming upper & lower case characters and numbers) wouldn't be
>> sufficient.
>
>so explain me why discuss to use or not to use the best
>currently available method in context of security?
>
>this is a secure configuration with no costs
>so why not use it?
>
>PasswordAuthentication          no
>ChallengeResponseAuthentication no
>GSSAPIAuthentication            no
>GSSAPICleanupCredentials        no
>RSAAuthentication               yes
>PubkeyAuthentication            yes
>PermitEmptyPasswords            no
>PermitRootLogin                 without-password
>AllowGroups                     root verwaltung
>AllowUsers                      root harry
>IgnoreRhosts                    yes
>HostbasedAuthentication         no
>StrictModes                     yes
>UseDNS                          no
>UsePrivilegeSeparation          yes
>UsePAM                          yes
>LoginGraceTime                  25
>MaxAuthTries                    10
>MaxStartups                     25
>

-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
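
The threshold idea from the top of this message, as an added example (not code from the poster or from any CentOS package): it counts sshd `Failed password` lines per source address and renders iptables DROP rules for addresses at or over the limit. The log line layout, the `allow` parameter and all sample addresses are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# The user name is client-supplied, so take the address from the END of the
# line (greedy .* plus the $ anchor) rather than the first " from " seen.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?.* "
    r"from (\S+) port \d+ ssh2$"
)

def offenders(lines, threshold=100, allow=()):
    """Return source addresses with at least `threshold` failed passwords."""
    allowed = [ipaddress.ip_network(n) for n in allow]
    counts = Counter()
    for line in lines:
        m = FAILED.search(line.rstrip())
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # captured token is not an address; ignore the line
        if any(addr in net for net in allowed):
            continue  # never cut off management networks
        counts[addr] += 1
    return sorted(str(a) for a, n in counts.items() if n >= threshold)

def drop_rules(addresses):
    """Render iptables commands for review; nothing is executed here."""
    return [f"iptables -I INPUT -s {a} -p tcp --dport 22 -j DROP"
            for a in addresses]

# Constructed sample log (documentation addresses from RFC 5737).
SAMPLE = (
    ["Dec 30 09:50:01 srv sshd[2101]: Failed password for root "
     "from 203.0.113.5 port 40022 ssh2"] * 100
    + ["Dec 30 09:51:00 srv sshd[2102]: Failed password for invalid user "
       "x from 198.51.100.7 port 1 ssh2 from 203.0.113.9 port 40100 ssh2"] * 100
    + ["Dec 30 09:52:00 srv sshd[2103]: Failed password for harry "
       "from 192.0.2.10 port 40200 ssh2"] * 3
    + ["Dec 30 09:53:00 srv sshd[2104]: Accepted publickey for harry "
       "from 192.0.2.10 port 40201 ssh2"]
)

if __name__ == "__main__":
    for rule in drop_rules(offenders(SAMPLE, allow=["192.0.2.0/24"])):
        print(rule)
```

The second group of sample lines carries an address inside the user name field; only the address at the end of the line is counted, so the embedded one is never blocked.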


