Re: Stopping Brute Force SSH Attacks

From: Bill Unruh (unruh_at_string.physics.ubc.ca)
Date: 10/15/04


Date: 15 Oct 2004 02:28:46 GMT

Duncan Murdoch <murdoch@stats.uwo.ca> writes:

]On 14 Oct 2004 21:06:30 GMT, unruh@string.physics.ubc.ca (Bill Unruh)
]wrote:

]>And if your users have at all reasonable passwords, they are harmless even
]>with password authentication enabled.

]But you never know. Is one of your users lending his account to a
]visitor for a few days, and emailed him the password for it? Does
]another one have his password written on a sticky on his monitor?
]Does a third use the same password everywhere, including a POP3 server
]that he accesses over an unencrypted line?

??? So what? If they are going to do that, they can always put their friends
into their authorized keys files as well, run xhost with + + and do all
sorts of other nasty things. I.e., ssh will be the least of your worries.