[ILUG] SSH dictionary attacks.
diamond at skynet.ie
Wed Aug 23 21:15:20 IST 2006
On 23/08/06, paul at clubi.ie <paul at clubi.ie> wrote:
> On Wed, 23 Aug 2006, Stephen Shirley wrote:
> > Bar having some kind of physical token (RSA smart card etc), how can
> > you apply policy regardless of whether the user uses ssh keys,
> > passwords, or host-based authentication?
> This message would have reached my notice much sooner if you'd
> respected the hints I set in my mails to ILUG. You may wish to switch
> to a less broken MUA.
My MUA works just fine. I had manually trimmed the reply addresses as
i thought they were just the usual reply-all accumulated cruft.
> As I no longer have time to properly reply (my food has arrived!) I
> suggest instead you re-read the mail of mine to which you replied
> more carefully.
Hum. Ok, upon re-reading it and another one of your replies, it seems
you are advocating using normal passwords rather than ssh keys +
passphrases. Isn't that trading the chances of a user screwing up
against those of a dictionary attack being successful though?
"You are technically correct, the best kind of correct."
- Bureaucrat 1.0, Futurama
More information about the ILUG