[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: need help with openssh attack



Anybody want's to check it out?
I can provide ssh access, if u will give me ssh key.



On Thu, Dec 29, 2011 at 11:06 PM, Noah Meyerhans <frodo@morgul.net> wrote:
> On Thu, Dec 29, 2011 at 04:39:24PM +0100, Kees de Jong wrote:
>> I guess I already pointed out everything. I added the updating part to it.
>>
>> * Use private not public keys with strong passwords
>
> This doesn't make any sense at all.  You need both private and public
> keys for key-based authentication, and it's very important that you
> recognize the difference between the two.
>
> Also, one of the real problems with ssh key authentication is that
> there's no way to enforce a strong password policy on the private keys.
> Plenty of times I've seen an otherwise secure host compromised when a
> user did something silly like drop their passwordless private key in
> their public_html folder.
>
> noah
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
>
> iD8DBQFO/LoqYrVLjBFATsMRAsg9AJ9aUkRhLNaFMgU0i/dfdM3RIhOe1gCfSZRu
> wOkLOurLw9E1VIg3k8Lshvg=
> =gcLw
> -----END PGP SIGNATURE-----
>


Reply to: