[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Darn skiddies (ssh login attempts)

On Fri, 01 Apr 2005, Michael Stone wrote:
> On Fri, Apr 01, 2005 at 01:23:09AM -0800, Chris Adams wrote:
> >Or no passwords - if requiring public key authentication is feasible 
> >for a system you can disable password authentication entirely:
> 
> I generally consider that to be a horrible idea. Instead of centrally
> managed password policies you now have your security entrusted to the
> security of all of your user's ssh keys. IME most users aren't really
> careful about how they handle those.

Nowadays user passwords often end up being stolen, not broken (trojans,
etc).  Keys offer no degraded security in that scenario.  But they don't
offer improved security apart from stopping the brute-force attacks.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh
Reply to: