Re: [CentOS] duqu

On Wed, Nov 30, 2011 at 12:42 PM, Rob Kampen rkampen@kampensonline.com wrote:

...

I've always wondered why something as complex as sshd doesn't do anything to protect you from the simplest form of attack - like rate-limiting failed attempts.

Passwords?? Why?

Because they are there and enabled by default...

Remote root login via ssh?? Why?

Because that is necessary (or a way to escalate to root) to do anything useful like backups or remote administration.

This is why they invented cyphers and rsa and 3des etc - use these and it makes it MUCH harder for the black hackers.

Sure, but you could just use a separate VPN to get in if you want to make things complicated. Ssh is mostly about being able to log in.