On Thu, Mar 31, 2005 at 10:44:53PM -0600, Brad Sims wrote:`less /var/log/auth.log|grep Failed|wc -l` shows 185 attempts to compromise
my machine since March 27th...
of course the only thing that really helps is good passwords,
Or no passwords - if requiring public key authentication is feasible for a system you can disable password authentication entirely:
PubkeyAuthentication yes PasswordAuthentication no ChallengeResponseAuthentication no PAMAuthenticationViaKbdInt no
If you have systems which for various reasons need to be accessible from many locations this is an excellent way to sleep a little easier. Given that many utilities exist to simplify ssh-agent use it's starting to be feasible to switch user-visible machines over to this configuration in many environments - ease of use is a big carrot.
Chris
smime.p7s
Description: S/MIME cryptographic signature