"CK" == Christopher Klaus <cklaus@iss.net> writes: CK> Telnetd,rexecd,rshd,rlogind should all be turned off and replaced with CK> a tool like ssh. But even ssh can be bruteforced, it is just a LOT more CK> time consuming since it only allows 1 try per connection and there is CK> quite a bit of time consumed generating the random keys for transferring. And it's even harder if you run sshd in this mode (in /etc/sshd_config): RhostsAuthentication no RhostsRSAAuthentication no RSAAuthentication yes PasswordAuthentication no No passwords (not even for a fallback)--only already-locally-known keys can get you in. Makes for pretty tough cracking, especially if you protect those keys with nice long pass-phrases and never type them over a network or into a non-secured xterm, etc.... --Up. -- Jeff Uphoff - systems/network admin. | juphoff@nrao.edu National Radio Astronomy Observatory | juphoff@bofh.org.uk Charlottesville, VA, USA | jeff.uphoff@linux.org PGP key available at: http://www.cv.nrao.edu/~juphoff/