On 23 Nov 2006, at 15:42, paul at clubi.ie wrote:
>> Good comments already mentioned but I can't believe noone has
>> mentioned key based authentication for the 1 user who requires
>> sshd access, that will mitigate the problem of people stealing
>> passwords :-)
>> And open the problem that the security of the key is 'outsourced'
> to remote boxes.
>> SSH keys are not a magic wand
You blow this particular horn quite frequently Paul, but the fact
remains that when the question is "How do I defend against ssh brute
force attacks?" one of the useful answers is "Use ssh keys".
Authentication method Attack vector
Password Compromise password || brute force
SSH key Obtain key && compromise password
It's not really a question of "magic bullets", more a question of how
you minimise your exposure.
Niall
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
