Re: Format of host keys in ~/.ssh/known_hosts



Dag-Erling Smørgrav wrote:

> Fred Mobach <fred@xxxxxxxxx> writes:
>> In order to block such bots to fill my log partition I really like
>> the sshd_config option UsePAM no
>
> I don't quite understand what you think you'll achieve by disabling
> PAM (except for disabling support for pretty much any secure
> authentication method other than keys, if you trust your users to
> protect their keys with passphrases)

Well, most of the servers we are administrating have no users except our
staff. So for those no other access method than keys is needed. And
this method has proven to work very well for over ten years. Thanks to
key management, of course.

> There are plenty of other solutions; the simplest is to move sshd to
> a different port, e.g. 443.

Why do I not trust security by obscurity? I'm afraid that nmap will
show the banners of sshd on any port.
--
Fred Mobach - fred@xxxxxxxxx
website : https://fred.mobach.nl
.... In God we trust ....
.. The rest we monitor ..
.


