On Mar 31, 2005, at 11:40 PM, Robert Lemmen wrote:
On Thu, Mar 31, 2005 at 10:44:53PM -0600, Brad Sims wrote:`less /var/log/auth.log|grep Failed|wc -l` shows 185 attempts to compromisemy machine since March 27th...of course the only thing that really helps is good passwords,
Or no passwords - if requiring public key authentication is feasible for a system you can disable password authentication entirely:
PubkeyAuthentication yes PasswordAuthentication no ChallengeResponseAuthentication no PAMAuthenticationViaKbdInt noIf you have systems which for various reasons need to be accessible from many locations this is an excellent way to sleep a little easier. Given that many utilities exist to simplify ssh-agent use it's starting to be feasible to switch user-visible machines over to this configuration in many environments - ease of use is a big carrot.
Chris
Attachment:
smime.p7s
Description: S/MIME cryptographic signature