Yo Eric!

On Tue, 24 May 2016 18:03:51 -0400
"Eric S. Raymond" <e...@thyrsus.com> wrote:

> > Or even disable password logins altogether and use ssh keys only.
> > But that's not for the HOWTO's target audience, unfortunately.
>
> Actually ./clockbuilder --secure does exactly that. Gary's argument
> is that the --secure step should be done first rather than last. It's
> somewhat undermined by the fact that under his assumptions even that
> isn't good enough.

I do not want the best to be the enemy of the better. I'll settle for
the next small improvement.

I admit to having a sore spot on getting a good password in first. I have
seen many times a box hacked by a default password before people get
to the end of an install procedure to change it.

In one case I watched the same team, doing the same install, over and
over again, and getting hacked each time. They spent a full day on
a 30 min procedure and never completed.

My own host logs, for today, show some hours of 3 or more attempts
on user pi. So, if the entire install procedure takes 30 mins, there
is a pretty good chance that pi gets hacked before the password change
at the end.

Fool me once, shame on you, fool me twice, shame on me.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
g...@rellim.com Tel:+1 541 382 8588
_______________________________________________
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel