On 29.12.2011 12:56, Leonard den Ottolander wrote:
> Hello Reindl,
>
> On Thu, 2011-12-29 at 12:29 +0100, Reindl Harald wrote:
>> On 29.12.2011 09:17, Bennett Haselton wrote:
>>> Even though the ssh key is more
>>> random, they're both sufficiently random that it would take at least
>>> hundreds of years to get in by trial and error.
>
>> if you really think your 12-chars password is as secure
>> as a ssh-key protected with this password you should
>> consider to take some education in security
>
> Bennett clearly states that he understands the ssh key is more random,
> but wonders why a 12 char password (of roughly 6 bits entropy per byte
> assuming upper & lower case characters and numbers) wouldn't be
> sufficient.

so explain to me why discuss to use or not to use the best
currently available method in context of security?

this is a secure configuration with no costs
so why not use it?

PasswordAuthentication no
ChallengeResponseAuthentication no
GSSAPIAuthentication no
GSSAPICleanupCredentials no
RSAAuthentication yes
PubkeyAuthentication yes
PermitEmptyPasswords no
PermitRootLogin without-password
AllowGroups root verwaltung
AllowUsers root harry
IgnoreRhosts yes
HostbasedAuthentication no
StrictModes yes
UseDNS no
UsePrivilegeSeparation yes
UsePAM yes
LoginGraceTime 25
MaxAuthTries 10
MaxStartups 25
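
An added example, not part of the original mail: a small check that an sshd_config closes off password logins the way the configuration quoted above does. The function names, the strict "must be set explicitly" policy and the second sample config are assumptions of this example.

```python
# Added example (not from the mail): audit sshd_config text for password logins.
# sshd uses the first value it obtains for a keyword, and keywords are
# case-insensitive. Include files are not followed here.
REQUIRED = {"passwordauthentication": "no", "challengeresponseauthentication": "no",
            "permitemptypasswords": "no", "pubkeyauthentication": "yes"}
ROOT_OK = {"no", "without-password", "prohibit-password", "forced-commands-only"}

def parse_sshd_config(text):
    """Return {keyword: value} for the global section, first occurrence wins."""
    settings = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        keyword = parts[0].lower()
        if keyword == "match":
            break  # everything after a Match line is conditional, not global
        settings.setdefault(keyword, parts[1].strip() if len(parts) > 1 else "")
    return settings

def audit(text):
    """Return findings; an empty list means every checked keyword is as wanted."""
    cfg = parse_sshd_config(text)
    findings = []
    for key, want in REQUIRED.items():
        got = cfg.get(key, "unset").lower()  # policy assumption: must be explicit
        if got != want:
            findings.append(f"{key}: {got} (wanted {want})")
    root = cfg.get("permitrootlogin", "unset").lower()
    if root not in ROOT_OK:
        findings.append(f"permitrootlogin: {root} (wanted a non-password mode)")
    return findings

# Authentication settings quoted from the mail above.
MAIL_CONFIG = """PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
PermitEmptyPasswords no
PermitRootLogin without-password
"""
# Constructed sample: the trailing "no" is ignored because the first value wins.
WEAK_CONFIG = """passwordauthentication yes
ChallengeResponseAuthentication no
PubkeyAuthentication yes
PermitEmptyPasswords no
PermitRootLogin yes
PasswordAuthentication no
"""
if __name__ == "__main__":
    print(audit(MAIL_CONFIG), audit(WEAK_CONFIG))
```

On a live host, the output of `sshd -T` (the effective configuration, defaults included) is a better input for this check than the file itself.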