[CentOS] what percent of time are there unpatched exploits against default config?

Reindl Harald h.reindl at thelounge.net
Thu Dec 29 12:07:56 UTC 2011



On 29.12.2011 12:56, Leonard den Ottolander wrote:
> Hello Reindl,
> 
> On Thu, 2011-12-29 at 12:29 +0100, Reindl Harald wrote:
>> On 29.12.2011 09:17, Bennett Haselton wrote:
>>> Even though the ssh key is more
>>> random, they're both sufficiently random that it would take at least
>>> hundreds of years to get in by trial and error.
> 
>> if you really think your 12-chars password is as secure
>> as an ssh-key protected with this password you should
>> consider to take some education in security
> 
> Bennett clearly states that he understands the ssh key is more random,
> but wonders why a 12 char password (of roughly 6 bits entropy per byte
> assuming upper & lower case characters and numbers) wouldn't be
> sufficient.

so explain to me why we discuss whether or not to use the best
currently available method in the context of security?

this is a secure configuration with no costs
so why not use it?

PasswordAuthentication          no
ChallengeResponseAuthentication no
GSSAPIAuthentication            no
GSSAPICleanupCredentials        no
RSAAuthentication               yes
PubkeyAuthentication            yes
PermitEmptyPasswords            no
PermitRootLogin                 without-password
AllowGroups                     root verwaltung
AllowUsers                      root harry
IgnoreRhosts                    yes
HostbasedAuthentication         no
StrictModes                     yes
UseDNS                          no
UsePrivilegeSeparation          yes
UsePAM                          yes
LoginGraceTime                  25
MaxAuthTries                    10
MaxStartups                     25
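
Added example, not part of the original message and not the poster's own code: a small auditor that reads an sshd_config and reports every way a password could still be accepted, run here over the authentication lines of the configuration posted above. The names parse_global, password_paths, POSTED and DEFAULTS are hypothetical, and the defaults table assumes upstream OpenSSH defaults of that era.

```python
# Added example: report which password-based login paths an sshd_config leaves open.
# DEFAULTS are assumed upstream OpenSSH defaults of the 2011 era; distributions may differ.
DEFAULTS = {
    "passwordauthentication": "yes",
    "challengeresponseauthentication": "yes",
    "pubkeyauthentication": "yes",
    "permitemptypasswords": "no",
    "permitrootlogin": "yes",
}

# Authentication-related subset of the configuration posted in the message above.
POSTED = """\
PasswordAuthentication          no
ChallengeResponseAuthentication no
PubkeyAuthentication            yes
PermitEmptyPasswords            no
PermitRootLogin                 without-password
UsePAM                          yes
"""

def parse_global(text):
    """Global settings as {keyword: value}; sshd keeps the first value per keyword."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)  # "Key=value" is also accepted
        key = parts[0].lower()          # keywords are case-insensitive
        if key == "match":              # conditional Match blocks are out of scope here
            break
        if len(parts) == 2:
            settings.setdefault(key, parts[1].strip())  # later duplicates are ignored
    return settings

def password_paths(text):
    """Return one finding for every way a password could still be accepted."""
    cfg = {**DEFAULTS, **parse_global(text)}
    findings = []
    if cfg["passwordauthentication"] != "no":
        findings.append("PasswordAuthentication is on")
    if cfg["challengeresponseauthentication"] != "no":
        findings.append("ChallengeResponseAuthentication is on (PAM may prompt for a password)")
    if cfg["permitemptypasswords"] != "no":
        findings.append("PermitEmptyPasswords is on")
    if cfg["permitrootlogin"] == "yes":
        findings.append("PermitRootLogin yes lets root use any enabled method")
    if cfg["pubkeyauthentication"] != "yes":
        findings.append("PubkeyAuthentication is off, so keys cannot replace passwords")
    return findings
```

An empty result for POSTED means none of these checks found a password path left open; an empty file falls back to the assumed defaults and is flagged.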
