[CentOS] what percent of time are there unpatched exploits against default config?
Reindl Harald
h.reindl at thelounge.net
Thu Dec 29 12:07:56 UTC 2011

On 29.12.2011 12:56, Leonard den Ottolander wrote:
> Hello Reindl,
>
> On Thu, 2011-12-29 at 12:29 +0100, Reindl Harald wrote:
>> On 29.12.2011 09:17, Bennett Haselton wrote:
>>> Even though the ssh key is more
>>> random, they're both sufficiently random that it would take at least
>>> hundreds of years to get in by trial and error.
>
>> if you really think your 12-chars password is as secure
>> as an ssh-key protected with this password you should
>> consider to take some education in security
>
> Bennett clearly states that he understands the ssh key is more random,
> but wonders why a 12 char password (of roughly 6 bits entropy per byte
> assuming upper & lower case characters and numbers) wouldn't be
> sufficient.

so explain to me why we discuss whether to use or not to use the best
currently available method in the context of security?

this is a secure configuration with no costs
so why not use it?

PasswordAuthentication no
ChallengeResponseAuthentication no
GSSAPIAuthentication no
GSSAPICleanupCredentials no
RSAAuthentication yes
PubkeyAuthentication yes
PermitEmptyPasswords no
PermitRootLogin without-password
AllowGroups root verwaltung
AllowUsers root harry
IgnoreRhosts yes
HostbasedAuthentication no
StrictModes yes
UseDNS no
UsePrivilegeSeparation yes
UsePAM yes
LoginGraceTime 25
MaxAuthTries 10
MaxStartups 25
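
Added example, not part of the original message or of OpenSSH: a small Python audit of an sshd_config like the one posted above, checking which password-based login paths remain open and how AllowUsers and AllowGroups combine (sshd requires both to match when both are set). The function names, the DEFAULTS table (upstream OpenSSH defaults of that era, an assumption for any directive left unset) and the sample input are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Constructed sample: a subset of the directives posted in the message above.
SAMPLE = """\
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
PermitRootLogin without-password
AllowGroups root verwaltung
AllowUsers root harry
UsePAM yes
"""

# Assumption: upstream OpenSSH defaults of that era for directives left unset.
DEFAULTS = {"passwordauthentication": "yes",
            "challengeresponseauthentication": "yes"}
LISTS = ("allowusers", "allowgroups")  # repeated lines accumulate


def parse(text):
    """Map lowercased keyword -> value; first occurrence wins, as in sshd."""
    conf = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":      # conditional blocks are out of scope here
            break
        if key in LISTS:
            conf.setdefault(key, []).extend(value.split())
        else:
            conf.setdefault(key, value)
    return conf


def password_paths(conf):
    """Directives that still let a client authenticate with a password."""
    return [k for k, d in DEFAULTS.items() if conf.get(k, d).lower() != "no"]


def may_login(conf, user, groups):
    """AllowUsers AND AllowGroups must both match when both are set.
    Simplified: plain and wildcard names only, no USER@HOST or negation."""
    def hit(names, patterns):
        return any(fnmatchcase(n, p) for n in names for p in patterns)
    if "allowusers" in conf and not hit([user], conf["allowusers"]):
        return False
    if "allowgroups" in conf and not hit(groups, conf["allowgroups"]):
        return False
    return True
```

With this configuration a user listed in AllowUsers is still refused unless one of that user's groups also appears in AllowGroups.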