[ILUG] SSH dictionary attacks.
paul at clubi.ie
paul at clubi.ie
Wed Aug 23 21:24:32 IST 2006
On Wed, 23 Aug 2006, Stephen Shirley wrote:
> My MUA works just fine. I had manually trimmed the reply addresses as
> i thought they were just the usual reply-all accumulated cruft.
Apologies.
> Hum. Ok, upon re-reading it and another one of your replies, it
> seems you are advocating using normal passwords rather than ssh
> keys + passphrases.
Unless you have faith in the competence of your users, correct.
If you do have such faith in your users, ssh keys are rather useful.
The policy thing was specifically about pass-phrase policy -> you
can't apply any to users and their ssh keys. (You can with local
passwords).
> Isn't that trading the chances of a user screwing up against those
> of a dictionary attack being successful though?
Yes. However at least you have control over your fate, your server
can apply its own "dictionary attack" on users when they change their
password. All modern Linux distributions and Unix OSes which I have
used do this.
regards,
--
Paul Jakma paul at clubi.ie paul at jakma.org Key ID: 64A2FF6A
Fortune:
Q: How many supply-siders does it take to change a light bulb?
A: None. The darkness will cause the light bulb to change by itself.
More information about the ILUG
mailing list