Re: brute force

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: der Mouse: "Re: Not so much a bug as a warning of new brute force attack"
• Previous message: mdr@vodka.sse.att.com: "Selecting Good Passwords"

"CK" == Christopher Klaus <cklaus@iss.net> writes:

CK> Telnetd,rexecd,rshd,rlogind should all be turned off and replaced with
CK> a tool like ssh.   But even ssh can be bruteforced, it is just a LOT more
CK> time consuming since it only allows 1 try per connection and there is
CK> quite a bit of time consumed generating the random keys for transferring.

And it's even harder if you run sshd in this mode (in /etc/sshd_config):

RhostsAuthentication no
RhostsRSAAuthentication no
RSAAuthentication yes
PasswordAuthentication no

No passwords (not even for a fallback)--only already-locally-known keys
can get you in.  Makes for pretty tough cracking, especially if you
protect those keys with nice long pass-phrases and never type them over
a network or into a non-secured xterm, etc....

--Up.

--
Jeff Uphoff - systems/network admin.  |  juphoff@nrao.edu
National Radio Astronomy Observatory  |  juphoff@bofh.org.uk
Charlottesville, VA, USA              |  jeff.uphoff@linux.org
    PGP key available at: http://www.cv.nrao.edu/~juphoff/

• Next message: der Mouse: "Re: Not so much a bug as a warning of new brute force attack"
• Previous message: mdr@vodka.sse.att.com: "Selecting Good Passwords"