Bug#195716: Fixing Bug Info

To: 195716@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Bug#195716: Fixing Bug Info
From: Brian White <bcwhite@precidia.com>
Date: Wed, 19 Jul 2006 10:03:53 -0400
Message-id: <[🔎] 44BE3BC9.2070508@precidia.com>
Reply-to: Brian White <bcwhite@precidia.com>, 195716@bugs.debian.org

severity 195716 important
--

After watching my external access logs for a while, I saw numerousattempts to log in to different accounts with password guessing. I tryto keep user passwords pretty secure, but there's always a chance of itnot being that way or being guessed anyway.

For the time being, I'll remove the ability to log in with only apassword, but that's not ideal either as I cannot control the strengthof the pass-phrase attached to an SSH key and it a user's home machinewere to be breached or his/her laptop stolen, then there is alwayspossible access this way.

The only way around this that I can see is to require users to use botha public key (can be stored, forwarded, etc.) AND their login password(which may be weak but is not stored).


                                          Brian
                                 ( bcwhite@precidia.com )

-------------------------------------------------------------------------------
    Treat someone as they are and they will remain that way.  Treat someone
                 as they can be and they will become that way.

Reply to:

Follow-Ups:
- Processed: Fixing Bug Info
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Processed: Re: Bug#366541: openssh-server: [security] use /bin/nologin instead of /bin/false
Next by Date: Processed: security
Previous by thread: Processed: Re: Bug#366541: openssh-server: [security] use /bin/nologin instead of /bin/false
Next by thread: Processed: Fixing Bug Info
Index(es):
- Date
- Thread