On Wednesday 24 January 2007 02:38, Travis H. wrote:
> Wise. Why play the game of "try to detect bad passwords chosen by
> users" instead of just avoiding it altogether? You know someone will
> eventually spell their name backwards, or pick the name of their
> university, or something like that which is not in your dictionary.

At least in this case I get to pick the passwords. Outside of myself (the admin) there are no real users on the system. The ones needing flexible remote access will only have authpf as a shell.

> Yeah. You can mitigate the script-kiddie dictionary attacks by running
> ssh on a different port

And this I do already. I get none of the attacks I used to get when running on port 22 (no attacks on several servers for several years now). Because of this I'm thinking this isn't all that bad. I don't permit root logins and use "AllowUsers" as well. If I started seeing some activity I could use some of PF's brute force trapping configurations.

Although, as I just posted to my previous post, it would be nice, for security reasons, to be able to adjust the type of allowed login on a per user shell basis.

Thanks for your assistance,
Chris
