On Monday 26 June 2006 18:32, Ian Cheong wrote:
> BTW, one has to explicitly turn off password authentication for sshd.
> Getting rid of all default and easy to guess user names provides
> limited protection, as it wouldn't take a genius to discover a likely
> list of user names for a system.
>
> Can't see there is any problem with using any insecure or potentially
> weak protocol (old VNC) over ssh. ssh with password authentication
> enabled would seem just as vulnerable to a brute force attack as
> opening RDP on windows to the world.

Those who allow password identification on ssh usually would use it in conjunction with fail2ban or similar, which makes brute force attacks infeasible (http://fail2ban.sourceforge.net/wiki/index.php/Main_Page).

It has the additional advantage that it will help to prevent brute force attacks for other login methods as well, e.g. password protected web pages.

Knowing the tools of the trade is essential in that business.

Horst
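
The idea behind fail2ban-style protection, as an added example that is not part of the original message and is not fail2ban's own code: count failed sshd password attempts per source address inside a time window and flag the address once a threshold is reached. The log lines are constructed, and the names MAX_RETRY, FIND_TIME and addresses_to_ban are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of sshd auth log lines (documentation addresses only).
SAMPLE_LOG = """\
Jun 26 18:30:01 host sshd[101]: Failed password for root from 192.0.2.10 port 4001 ssh2
Jun 26 18:30:03 host sshd[102]: Failed password for invalid user admin from 192.0.2.10 port 4002 ssh2
Jun 26 18:30:05 host sshd[103]: Accepted password for horst from 198.51.100.7 port 5001 ssh2
Jun 26 18:30:06 host sshd[104]: Failed password for root from 192.0.2.10 port 4003 ssh2
Jun 26 18:31:00 host sshd[105]: Failed password for ian from 203.0.113.5 port 6001 ssh2
Jun 26 18:45:00 host sshd[106]: Failed password for ian from 203.0.113.5 port 6002 ssh2
Jun 26 18:59:30 host sshd[107]: Failed password for ian from 203.0.113.5 port 6003 ssh2
"""

# Anchored at both ends: the greedy user field plus the trailing "$" means the
# address is always taken from the last "from ... port N" on the line, so a
# user name that itself contains " from <address>" cannot choose who is flagged.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?.* "
    r"from (?P<ip>\S+) port \d+(?: ssh\d*)?$"
)

MAX_RETRY = 3                       # assumed threshold of failures
FIND_TIME = timedelta(minutes=10)   # assumed sliding window


def addresses_to_ban(log_text, year=2006):
    """Return source addresses with MAX_RETRY failures inside FIND_TIME."""
    recent = defaultdict(deque)     # address -> timestamps still in the window
    banned = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue                # successful logins and other lines are ignored
        # Syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > FIND_TIME:
            window.popleft()        # forget failures older than the window
        if len(window) >= MAX_RETRY and m["ip"] not in banned:
            banned.append(m["ip"])
    return banned


if __name__ == "__main__":
    print(addresses_to_ban(SAMPLE_LOG))
```

The slow guesser at 203.0.113.5 stays under the threshold because its attempts are spaced wider than the window, which is why the window length and retry count matter as much as the ban itself.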
