nanog mailing list archives
Re: SSH brute force China and Linux: best practices
From: Joe Greco <jgreco () ns sol net>
Date: Sat, 30 Jan 2010 14:51:46 -0600 (CST)
also enforce either strong passwords or require no passwords (e.g. keys only) and everything should be cool.what is 'password'?
"password" is that thing that you use when you don't want one compromised "passphrase for your DSA key" to give access to every resource under the sun that you have access to. Keys are fantastic when used to access a resource with relatively permissive (or no) IP-based access lists, automated applications, etc. However, where I have a resource that's already heavily restricted for SSH by ACL, I sometimes prefer an actual password that has to be dredged out of memory. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.
Current thread:
- SSH brute force China and Linux: best practices Bobby Mac (Jan 29)
- Re: SSH brute force China and Linux: best practices Bazy (Jan 30)
- Re: SSH brute force China and Linux: best practices James Hess (Jan 30)
- Re: SSH brute force China and Linux: best practices Bret Clark (Jan 30)
- Re: SSH brute force China and Linux: best practices Peter Beckman (Jan 30)
- Re: SSH brute force China and Linux: best practices James Hess (Jan 30)
- Re: SSH brute force China and Linux: best practices Chuck Anderson (Jan 30)
- Re: SSH brute force China and Linux: best practices Joel Jaeggli (Jan 30)
- Re: SSH brute force China and Linux: best practices Randy Bush (Jan 30)
- Re: SSH brute force China and Linux: best practices Joe Greco (Jan 30)
- Re: SSH brute force China and Linux: best practices Randy Bush (Jan 30)
- Re: SSH brute force China and Linux: best practices John Mason Jr (Jan 30)
- Re: SSH brute force China and Linux: best practices Bazy (Jan 30)