[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RFC: changes to default password strength checks in pam_unix

04-09-2007, John Kelly:
> On Sep 3, Lars Wirzenius wrote:
>>ti, 2007-09-04 kello 10:17 +0900, Miles Bader kirjoitti:
>>> If the system is excessively anal about what passwords it will let you
>>> use, people will just start writing them down...
>>That is arguably better than having passwords which can be guessed by
>>doing brute-force attackes over ssh.
> I stop brute force attacks by sending auth log messages to a FIFO which I 
> read with a perl script. After 10 login failures, your IP is firewalled for 
> 24 hours.

What about having more secure Debian's sshd_config by default?
PermitRootLogin no
DenyUsers       *
to start with.

Also i would really love to have sshd rc script being able to load
different configs easily. I have dummy sshd on 22 port and one actual
door on another. Having more dummy services else where, is more "security
by obscurity". Not 100% protection, but something.

Reply to: