Bugtraq mailing list archives

Re: brute force


From: juphoff () tarsier cv nrao edu (Jeff Uphoff)
Date: Wed, 5 Jun 1996 17:03:53 -0400


"CK" == Christopher Klaus <cklaus () iss net> writes:

CK> Telnetd, rexecd, rshd, rlogind should all be turned off and replaced with
CK> a tool like ssh.   But even ssh can be brute-forced, it is just a LOT more
CK> time-consuming since it only allows 1 try per connection and there is
CK> quite a bit of time consumed generating the random keys for transferring.

And it's even harder if you run sshd in this mode (in /etc/sshd_config):

RhostsAuthentication no
RhostsRSAAuthentication no
RSAAuthentication yes
PasswordAuthentication no

No passwords (not even for a fallback)--only already-locally-known keys
can get you in.  Makes for pretty tough cracking, especially if you
protect those keys with nice long pass-phrases and never type them over
a network or into a non-secured xterm, etc....

--Up.

--
Jeff Uphoff - systems/network admin.  |  juphoff () nrao edu
National Radio Astronomy Observatory  |  juphoff () bofh org uk
Charlottesville, VA, USA              |  jeff.uphoff () linux org
    PGP key available at: http://www.cv.nrao.edu/~juphoff/
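
The following is an added example, not part of the original post or of ssh itself: a small auditor that checks whether an sshd_config really is in the key-only mode described above, using exactly the four directives the post lists. The function names and sample configs are constructed for illustration. It assumes keywords are matched case-insensitively, and it reports an unset or duplicated directive as a finding instead of guessing which value the daemon would use.

```python
# Added example: check an sshd_config against the four directives in the post.
EXPECTED = {
    "rhostsauthentication": "no",
    "rhostsrsaauthentication": "no",
    "rsaauthentication": "yes",
    "passwordauthentication": "no",
}

def parse_directives(text):
    seen = {}  # lower-cased keyword -> every value given for it
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # blank or commented out
            continue
        parts = line.split(None, 1)
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        seen.setdefault(parts[0].lower(), []).append(value)
    return seen

def audit(text):
    """Return a list of findings; an empty list means key-only mode."""
    seen = parse_directives(text)
    findings = []
    for key, want in EXPECTED.items():
        values = seen.get(key)
        if values is None:
            findings.append(f"{key}: not set explicitly")
        elif len(set(values)) > 1:
            findings.append(f"{key}: conflicting values {values}")
        elif values[0] != want:
            findings.append(f"{key}: is {values[0]!r}, expected {want!r}")
    return findings

# Constructed sample inputs, not taken from any real host.
HARDENED = """\
RhostsAuthentication no
RhostsRSAAuthentication no
RSAAuthentication yes
PasswordAuthentication no
"""
WEAK = """\
RhostsAuthentication no
#RhostsRSAAuthentication no
RSAAuthentication yes
PasswordAuthentication no
passwordauthentication yes
"""

for name, cfg in (("hardened", HARDENED), ("weak", WEAK)):
    print(name, audit(cfg) or "OK")
```

The weak sample shows the two ways a password fallback tends to survive: a directive left commented out, and a later duplicate line that contradicts the hardened one.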


