21st June 2008
Carpetsmoker
Real Name: Martin

I'm one of those admins who believes passwords are an awful way to secure anything. An 8-byte ASCII password can be broken in a few days by scripted attack. So I configure all production SSH daemons I administer to deny root logon, and also to deny password authentication. Instead I configure alternate, stronger authentications such as public keys and S/Key one-time-passphrases. The specific authentication depends upon the server and its services.
This is a bit OT, but you have a "MaxAuthTries" option which defaults to 6 ... Preventing brute-force attacks.
Or am I missing something?
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
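Added example, not part of the original post: a small Python audit of sshd_config text for the settings discussed here. It assumes the policy from the quoted text (PermitRootLogin no, PasswordAuthentication no) and the MaxAuthTries default of 6 mentioned in the reply; the sample configuration, the POLICY table and the audit() helper are constructed for illustration. Note that sshd applies MaxAuthTries per connection.

```python
# Added example: audit sshd_config text against the settings discussed above.
# SAMPLE is constructed for illustration, not taken from a real server.
SAMPLE = """\
Port 22
PermitRootLogin no
passwordauthentication yes
PasswordAuthentication no
MaxAuthTries 10
Match User backup
    PasswordAuthentication yes
"""

# Assumed policy: keyword (lower-case) -> acceptable values.
POLICY = {"permitrootlogin": {"no"}, "passwordauthentication": {"no"}}
MAXAUTHTRIES_DEFAULT = 6  # default quoted in the post


def audit(text):
    """Return a list of findings for the given sshd_config text.

    Keywords are case-insensitive and sshd uses the first value it obtains
    for a keyword, so a later duplicate in the global section is ignored.
    Lines after a Match keyword are conditional overrides and are checked
    separately, since they can re-enable what the global section disables.
    """
    glob, findings, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            section = value
        elif section is None:
            glob.setdefault(key, value)  # first value wins
        elif key in POLICY and value.lower() not in POLICY[key]:
            findings.append(f"Match {section}: {key} {value}")
    for key, allowed in POLICY.items():
        value = glob.get(key)
        if value is None:
            findings.append(f"global: {key} not set, built-in default applies")
        elif value.lower() not in allowed:
            findings.append(f"global: {key} {value}")
    tries = int(glob.get("maxauthtries", MAXAUTHTRIES_DEFAULT))
    if tries > MAXAUTHTRIES_DEFAULT:
        findings.append(f"global: maxauthtries {tries} exceeds default")
    return findings
```

On a live host, `sshd -T` prints the effective configuration and can be used to confirm what the daemon actually applies.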