On 3/2/2012 1:45 PM, Randal L. Schwartz wrote:
>>>>>> "Jim" == Jim Garrison <[email protected]> writes:
>
> Jim> I've been running SSH on several Internet-facing servers, and
> Jim> used to get hundreds, if not thousands, of these messages in
> Jim> the logs. I finally got tired of this and moved my SSH server
> Jim> to a different port (such as 12345 -- not what I use :-), and
> Jim> now NEVER get these.
>
> Seconded.
>
> Jim> For added security, I long ago disabled password-based logins
> Jim> and accept only public-key authentication.
>
> Sadly, I'm often logging in from machines that would not otherwise have
> my public key.

I too considered the downside, but decided that the hassle of having to carry a USB stick with my private key was trumped by the risks of allowing password-based auth.

I've never heard of a single break-in occurring with private-key auth that was due to true SSH protocol or encryption weakness. Failures in the human side of the process, however, have been known to happen.

I use a _very_ long passphrase (over 30 characters), that would be meaningless to anybody else but has gotten to be pure muscle memory in my fingers so I can type it very quickly.

-- 
Jim Garrison ([email protected])
PGP Keys at http://www.jhmg.net RSA 0x04B73B7F DH 0x70738D88
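
A small check for the setup described in this message (non-default port, password logins disabled), added here as an example and not part of the original thread. The function name and both sample configs are constructed; Include files are not followed and Match conditions are not evaluated.

```python
# Added example (not from the thread): audit sshd_config text for password logins.
# sshd defaults to "yes" for both keywords; keyboard-interactive can still
# prompt for a password through PAM even when PasswordAuthentication is "no".
DEFAULTS = {"passwordauthentication": "yes", "kbdinteractiveauthentication": "yes"}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def audit_sshd_config(text):
    """Return (ports, findings) for the given sshd_config contents."""
    first, ports, findings, in_match = {}, [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        key = ALIASES.get(fields[0].lower(), fields[0].lower())
        value = fields[1].lower() if len(fields) > 1 else ""
        if key == "match":
            in_match = True                  # later lines apply only conditionally
        elif in_match:
            if key in DEFAULTS and value == "yes":
                findings.append(f"{key} re-enabled inside a Match block")
        elif key == "port" and value.isdigit():
            ports.append(int(value))         # Port may be given several times
        elif key in DEFAULTS:
            first.setdefault(key, value)     # sshd uses the first value obtained
    for key, value in {**DEFAULTS, **first}.items():
        if value == "yes":
            findings.append(f"{key} is enabled globally")
    return ports or [22], findings

# Constructed sample: key-only logins on the example port from the message.
HARDENED = """\
Port 12345
PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
"""

# Constructed sample: the later "no" is ignored, and a Match block re-enables passwords.
WEAK = """\
PasswordAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
Match Address 10.0.0.0/8
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    for name, cfg in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, audit_sshd_config(cfg))
```
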
