Darrin Chandler wrote:
> On Thu, Feb 22, 2007 at 09:43:21PM -0700, Jon M. Hanson wrote:
>> I'm guessing they got in through some kind of guest account you have
>> set up (but maybe didn't know about) or another common account name with
>> a weak password. I constantly watch my system logs and several times a
>> week I'll get a ton of attempts to try to brute force passwords to
>> various accounts through SSH.
>
> It's quite possible. I get those same attempts, and pretty much everyone
> else does too. In response, some people set up elaborate schemes (port
> knockers and whatnot) in order to protect themselves. It's not as secure
> as they think. Allowing password authentication with good passwords is
> bad. Allowing it when your password is 'golfnut' is asking for trouble.
> Yes, even if you spell it 'g01FnuT'. (Ok, how many of you winced just
> now because I guessed your password or got close?)
>
> Those of you out there running sshd, PLEASE consider using ssh-keygen
> and using the key pairs for authentication *instead* of passwords, and
> setting "PasswordAuthentication no" in your config. It really is pretty
> easy, and really will make your system safer. Of course that's not all
> there is to security, but I've seen many people have otherwise secure
> systems, with everything patched and up to date, and allow password auth
> with weak passwords. It's like putting bars on your windows and leaving
> the front door open.
>

This sounds like a nice mini-presentation (howto) for a meeting.

--
-Eric 'shubes'

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
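
Added example, not part of the original thread: a check that the "PasswordAuthentication no" setting recommended above is the value sshd will actually use. sshd keeps the first value it reads for each keyword, the default is yes, a Match block can turn passwords back on, and keyboard-interactive authentication can still prompt for a password through PAM. The function name `audit_sshd_config` and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example. Audits sshd_config text for settings that still allow
# password logins. Prints one finding per line; returns 1 if any were found.
# Limitation (assumption): Include files are not followed.
audit_sshd_config() {
    awk '
    /^[ \t]*(#|$)/ { next }                    # comments and blank lines
    {
        sub(/^[ \t]+/, ""); sub(/[ \t]*=[ \t]*/, " ")   # allow "Key=value"
        key = tolower($1); val = tolower($2)
        # ChallengeResponseAuthentication is the older name of this option
        if (key == "challengeresponseauthentication")
            key = "kbdinteractiveauthentication"
    }
    key == "match" { scope = $0; next }        # applies until next Match or EOF
    key == "passwordauthentication" || key == "kbdinteractiveauthentication" {
        if (scope != "") {                     # override for some users or hosts
            if (val == "yes") {
                printf "%s: %s yes (line %d)\n", scope, key, NR; bad = 1
            }
        } else if (!(key in seen)) {           # sshd keeps the FIRST value it reads
            seen[key] = val; line[key] = NR
        }
    }
    END {
        n = split("passwordauthentication kbdinteractiveauthentication", want, " ")
        for (i = 1; i <= n; i++) {
            k = want[i]
            if (!(k in seen)) {
                printf "global: %s not set, default is yes\n", k; bad = 1
            } else if (seen[k] == "yes") {
                printf "global: %s yes (line %d)\n", k, line[k]; bad = 1
            }
        }
        exit bad + 0
    }' "${1:--}"
}

# Constructed sample: the global "no" is honoured and the later "yes" is
# ignored, but the Match block turns passwords back on for one user.
audit_sshd_config <<'EOF' || echo "=> password logins are still possible"
PasswordAuthentication no
KbdInteractiveAuthentication no
PasswordAuthentication yes
Match User backup
    PasswordAuthentication yes
EOF
```

Pass a file path as the first argument to audit a real configuration, for example `audit_sshd_config /etc/ssh/sshd_config`.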