On 29.12.2011 12:56, Leonard den Ottolander wrote:
Hello Reindl,
On Thu, 2011-12-29 at 12:29 +0100, Reindl Harald wrote:
On 29.12.2011 09:17, Bennett Haselton wrote:
Even though the ssh key is more random, they're both sufficiently random that it would take at least hundreds of years to get in by trial and error.
if you really think your 12-chars password is as secure as a ssh-key protected with this password you should consider taking some education in security
Bennett clearly states that he understands the ssh key is more random, but wonders why a 12 char password (of roughly 6 bits entropy per byte assuming upper & lower case characters and numbers) wouldn't be sufficient.
so explain to me why we discuss using or not using the best currently available method in the context of security?
this is a secure configuration with no costs so why not use it?
PasswordAuthentication no
ChallengeResponseAuthentication no
GSSAPIAuthentication no
GSSAPICleanupCredentials no
RSAAuthentication yes
PubkeyAuthentication yes
PermitEmptyPasswords no
PermitRootLogin without-password
AllowGroups root verwaltung
AllowUsers root harry
IgnoreRhosts yes
HostbasedAuthentication no
StrictModes yes
UseDNS no
UsePrivilegeSeparation yes
UsePAM yes
LoginGraceTime 25
MaxAuthTries 10
MaxStartups 25
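
Added example, not part of the original thread: a small Python audit that reads an sshd_config and lists any way a password could still be accepted, run against the password-related lines of the configuration posted above and against a constructed file in which a later "no" is shadowed by an earlier "yes". The default values for unset keywords are an assumption (OpenSSH releases of the thread's era), and the function names are this example's own.

```python
import re

# Assumed defaults of OpenSSH releases of the thread's era for unset keywords.
DEFAULTS = {"passwordauthentication": "yes", "challengeresponseauthentication": "yes",
            "permitemptypasswords": "no", "permitrootlogin": "yes"}

def parse_sshd_config(text):
    """Global-scope settings; sshd uses the first value obtained per keyword."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[ \t]*=[ \t]*|[ \t]+", line, maxsplit=1)
        keyword = parts[0].lower()          # keywords are case-insensitive
        if keyword == "match":
            break                           # conditional blocks are out of scope here
        settings.setdefault(keyword, parts[1].strip().lower() if len(parts) > 1 else "")
    return settings

def password_login_findings(text):
    """List the ways a password could still be accepted under this config."""
    cfg = {**DEFAULTS, **parse_sshd_config(text)}
    checks = [
        (cfg["passwordauthentication"] != "no", "PasswordAuthentication enabled"),
        (cfg["challengeresponseauthentication"] != "no", "ChallengeResponseAuthentication enabled"),
        (cfg["permitemptypasswords"] != "no", "PermitEmptyPasswords enabled"),
        (cfg["permitrootlogin"] == "yes", "PermitRootLogin not restricted to keys"),
    ]
    return [msg for failed, msg in checks if failed]

# The password-related lines of the configuration posted above.
POSTED = """\
PasswordAuthentication no
ChallengeResponseAuthentication no
PermitEmptyPasswords no
PermitRootLogin without-password
"""

# Constructed sample: the later "no" is ignored because the first value wins.
SHADOWED = """\
passwordauthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication=no
"""

if __name__ == "__main__":
    for name, text in (("posted", POSTED), ("shadowed", SHADOWED)):
        print(name, password_login_findings(text) or "no password login path")
```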