
Re: Have I been hacked?



On 1/9/2015 4:25 AM, Martin Steigerwald wrote:
> On Friday, 9 January 2015, 00:24:06, Brian wrote:
>> On Thu 08 Jan 2015 at 22:36:46 +0100, Martin Steigerwald wrote:
>>> On Thursday, 8 January 2015, 14:20:27, Jerry Stuckle wrote:
>>>> Just ensure you're using good security practices - don't allow root
>>>> login, use long, random passwords, etc.  I also use random character
>>>> strings for the login ids, as well as passwords - just one more thing
>>>> for the hackers to have to figure out how to get around.
>>>
>>> Only allow SSH key based logins. Of course, only after you copied a public
>>> key onto the machine with ssh-copy-id.
>>>
>>> And have SSH keys with *strong* passphrases, to protect against someone
>>> stealing your key. Use ssh-agent wisely only on trusted machines.
>>
>> SSH password logins are just as safe. 20 characters gives a strong
>> password for use on trusted machines. There is no need to worry about
>> it being stolen because it is in your memory,
> 
> I think SSH keys are safer, because there is no password at all that can be
> brute forced. Okay, one can try to guess the key, but try that with a 4096 bit 
> key.
>

SSH passwords are very safe, if they are long enough.  For instance, if
you have a 10 character password, mixed case and numbers (no special
characters), a brute force attack of 100 attempts per second would take
almost 266 million years to cover all possibilities.  11 characters
would take over 16 billion years - longer than the life of the universe.

The biggest disadvantage of using keys is it limits the machines you can
access the server from.  That's not good if you need to access the
server and you're not near your machine.

> Anyway, I will unsubscribe now.
> 
> Staying on this list has not been beneficial for me.
> 
> The amount of traffic on this list that is not related to Debian or is
> bickering like this is so high that I find it too time consuming to find out
> the rare gems of threads where I can still learn something new about Debian or 
> that I enjoy in engaging and replying to.
> 
> Don't bother to answer. I will likely delete it.
> 
> Ciao,
> 

If a little off-topic discussion bothers you, then it probably is best
you unsubscribe.  Personally, I've learned a lot just from reading this
list.

Jerry

