hi,

On 11 October 2010 17:54, Nick Andrew <[email protected]> wrote:
> On Mon, Oct 11, 2010 at 16:31, justin randell <[email protected]> wrote:
>
>> unless there's some really good reason not to, i'd strongly advise
>> securing your ssh so that it's public-key only. i've seen too many
>> places that rely on limiting the amount of ssh attempts get hacked to
>> put any faith in that method any more.
>
> Don't discount defense in depth. Hostile IP addresses found by ssh
> rate-limiting can be blocked from all ports. It doesn't preclude use of
> keys instead of passwords.

discount? how much is defence in depth going for these days? ;-)

perhaps i wasn't clear, but when i said "relying on rate limiting is bad", i didn't mean to imply "using rate-limiting is evil in all forms no matter what".

if i had to choose between rate limiting and strong passwords vs keys, i'd choose keys.

cheers
justin

--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
