a simple questions about sshd and PasswordAuthentication
Is there anything inherintaly dangerous or wrong about enabling PasswordAuthentication in sshd_config ? I understand how public keys are better and everything else. And I do use them. I'm just curious. Jeff. -- Unless otherwise indicated, anything I write is either garnered from experience or pulled out of my ass, depending on situational needs.. Jeff MacDonald ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: a simple questions about sshd and PasswordAuthentication
On 10/25/06, Jeff MacDonald [EMAIL PROTECTED] wrote: Is there anything inherintaly dangerous or wrong about enabling PasswordAuthentication in sshd_config ? I understand how public keys are better and everything else. And I do use them. I'm just curious. Probably not, if you have strong passwords and sensible management policies. That said, PasswordAuthentication attracts the brute-force crackers like flies to rotting meat, so... -- Juha http://www.geekzone.co.nz/juha ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: a simple questions about sshd and PasswordAuthentication
--- Juha Saarinen [EMAIL PROTECTED] wrote: On 10/25/06, Jeff MacDonald [EMAIL PROTECTED] wrote: Is there anything inherintaly dangerous or wrong about enabling PasswordAuthentication in sshd_config ? I understand how public keys are better and everything else. And I do use them. I'm just curious. Probably not, if you have strong passwords and sensible management policies. That said, PasswordAuthentication attracts the brute-force crackers like flies to rotting meat, so... Password authentication in combination with running sshd on a non-standard port is what I use. No problem there. __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: a simple questions about sshd and PasswordAuthentication
On 10/24/06, Jeff MacDonald [EMAIL PROTECTED] wrote: Is there anything inherintaly dangerous or wrong about enabling PasswordAuthentication in sshd_config ? I understand how public keys are better and everything else. And I do use them. I'm just curious. There are many arguments for and against, but /inherintaly/ they are the same. You are comparing your secret to the secret stored on the server. Keys just tend to be much longer secrets, and are also more difficult to change. -- -- Perfection is just a word I use occasionally with mustard. --Atom Powers-- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: a simple questions about sshd and PasswordAuthentication
On Tuesday 24 October 2006 21:54, Atom Powers wrote: On 10/24/06, Jeff MacDonald [EMAIL PROTECTED] wrote: Is there anything inherintaly dangerous or wrong about enabling PasswordAuthentication in sshd_config ? I understand how public keys are better and everything else. And I do use them. I'm just curious. There are many arguments for and against, but /inherintaly/ they are the same. You are comparing your secret to the secret stored on the server. Keys just tend to be much longer secrets, and are also more difficult to change. I don't know about that. With password authentication someone has to guess a valid username and password. With key authentication someone has to guess a valid username, key, and passphrase. While I have boxes that experience thousands of password based brute force attempts a day I don't recall anyone ever bothering to try and brute-force a key. My personal opionion is that if you are using key-based authentication you are for all practical purposes invulnerable to brute-forcing. The only way someone is going to get in is via an exploit in ssh or by stealing the key and passphrase from a valid user. -- Thanks, Josh Paetzel ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: a simple questions about sshd and PasswordAuthentication
On Tuesday 24 October 2006 21:49, Juha Saarinen wrote: On 10/25/06, Jeff MacDonald [EMAIL PROTECTED] wrote: Is there anything inherintaly dangerous or wrong about enabling PasswordAuthentication in sshd_config ? I understand how public keys are better and everything else. And I do use them. I'm just curious. Probably not, if you have strong passwords and sensible management policies. That said, PasswordAuthentication attracts the brute-force crackers like flies to rotting meat, so... agreed. 3 weeks ago, i just firewalled off the port (actually, removed the nat), and now require vpn to gain access to my home network. i was repeatedly having pages and pages long nightly security emails of failed ssh attempts. not any more. if the port aint there... they cant bruteforce it! cheers, jonathan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]