There is a concept called dynamic firewall I am working on that should eliminate any brute force attempts. If you think about it, if you know someone is trying to break in, there is no need to give them access to the server any more. So after a hundred wrong passwords you cut them off.
Reindl Harald h.reindl@thelounge.net wrote:
On 29.12.2011 12:56, Leonard den Ottolander wrote:
Hello Reindl,
On Thu, 2011-12-29 at 12:29 +0100, Reindl Harald wrote:
On 29.12.2011 09:17, Bennett Haselton wrote:
Even though the ssh key is more random, they're both sufficiently random that it would take at least hundreds of years to get in by trial and error.
if you really think your 12-chars password is as secure as an ssh-key protected with this password you should consider taking some education in security
Bennett clearly states that he understands the ssh key is more random, but wonders why a 12 char password (of roughly 6 bits entropy per byte assuming upper & lower case characters and numbers) wouldn't be sufficient.
so explain to me why discuss whether to use or not to use the best currently available method in the context of security?
this is a secure configuration with no costs so why not use it?
PasswordAuthentication no
ChallengeResponseAuthentication no
GSSAPIAuthentication no
GSSAPICleanupCredentials no
RSAAuthentication yes
PubkeyAuthentication yes
PermitEmptyPasswords no
PermitRootLogin without-password
AllowGroups root verwaltung
AllowUsers root harry
IgnoreRhosts yes
HostbasedAuthentication no
StrictModes yes
UseDNS no
UsePrivilegeSeparation yes
UsePAM yes
LoginGraceTime 25
MaxAuthTries 10
MaxStartups 25
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
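
The cut-off rule described at the top of this message (stop serving a source after a hundred wrong passwords), as an added example that is not code from anyone in this thread. It assumes the usual OpenSSH "Failed password ... from ADDR port N ssh2" syslog line; the names sources_to_block and sample_log are hypothetical, the log lines are constructed, and handing the result to a firewall is left out.

```python
import ipaddress
import re
from collections import Counter

# Failed-password line as OpenSSH's sshd writes it to syslog. The user name is
# chosen by the client, so the address is taken from the fixed tail of the line
# (the greedy ".*" skips any "from ..." text embedded in the user name).
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?.* "
    r"from (\S+) port \d+ ssh2\s*$"
)

def sources_to_block(lines, threshold=100, allowlist=()):
    """Return the source addresses that reached `threshold` failed passwords,
    in the order they crossed it. Addresses in `allowlist` are never returned."""
    allowed = {ipaddress.ip_address(a) for a in allowlist}
    failures = Counter()
    blocked = []
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue
        try:
            src = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # not an IP literal (e.g. a host name): ignore the line
        if src in allowed:
            continue
        failures[src] += 1
        if failures[src] == threshold:  # report each source exactly once
            blocked.append(str(src))
    return blocked

def sample_log():
    """Constructed log lines (documentation address ranges), not real traffic."""
    fmt = "Dec 29 12:00:00 host sshd[{pid}]: Failed password for {user} from {ip} port 40000 ssh2"
    lines = [fmt.format(pid=1000 + i, user="root", ip="203.0.113.5") for i in range(100)]
    lines += [fmt.format(pid=2000 + i, user="harry", ip="198.51.100.7") for i in range(3)]
    # User name crafted to look like a log tail that names a different address.
    lines += [fmt.format(pid=3000 + i, user="invalid user x from 192.0.2.1 port 1 ssh2",
                         ip="203.0.113.9") for i in range(100)]
    lines.append("Dec 29 12:00:01 host sshd[4000]: Accepted publickey for harry "
                 "from 198.51.100.7 port 40001 ssh2")
    return lines

if __name__ == "__main__":
    for addr in sources_to_block(sample_log()):
        print("block", addr)
```

The allowlist exists so that an administrator's own address cannot be locked out by a run of typos or by someone else's failures behind the same NAT.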