Re: site-to-site VPN with credential prompts?

To: debian-user@lists.debian.org
Subject: Re: site-to-site VPN with credential prompts?
From: Jan Claeys <lists@janc.be>
Date: Tue, 25 Mar 2025 23:48:45 +0100
Message-id: <[🔎] 6073ce94b05133a0523575d3da6212946aba1c86.camel@janc.be>
In-reply-to: <[🔎] 2d44ba8e-2312-43c9-8666-518d65918f9d@gmail.com>
References: <[🔎] CAH8yC8kg=yNE7Avp6++wEr3Nfcnpp5zWMmjRjhaGRHmx0ubMoQ@mail.gmail.com> <[🔎] c4e72e8d-5d09-423d-b907-52c7e1cf1f31@gmail.com> <[🔎] eb891680-242e-42bf-80b9-f2c8af617e43@gmail.com> <[🔎] fa07848b356064f4bcdc46af5a378c91600e0923.camel@janc.be> <[🔎] Z-LV6BAgLyLnXQva@phare.normalesup.org> <[🔎] c4b2b7ceb5ce7475f20f46e3964062d55bad8a1f.camel@janc.be> <[🔎] CAO6YxPy=M-NRhGGmhjrMPBZpsyjFBm+yrBOfZz3JZoyhB0r94g@mail.gmail.com> <[🔎] Z+MWGbulcxQKF2bb@tuxteam.de> <[🔎] 2d44ba8e-2312-43c9-8666-518d65918f9d@gmail.com>

On Wed, 2025-03-26 at 04:55 +0800, jeremy ardley wrote:
> Out of the box debian has passwords enabled and certificates allowed
> but not mandatory.

> I can guarantee at least 90% of all debian installations do not have
> the defaults changed (let alone any of the other flavours of linux).

Obviously nobody is suggesting that people run an insecure SSH setup.
You should always use keys with SSH, but especially when it’s publicly
listening.

> This is the precise reason I get dozens of attempts  a minute on my
> firewall port 22.

FWIW: at that rate it takes millions of years to guess an even halfway
semi-secure 8-character password, let alone the really secure longer
one you _should_ be using.

(But almost all of those attempts only try a small number of very
insecure and/or “default” user/password combinations anyway.)

-- 
Jan Claeys

(please don't CC me when replying to the list)

Reply to:

Follow-Ups:
- Re: site-to-site VPN with credential prompts?
  - From: jeremy ardley <jeremy.ardley@gmail.com>

References:
- site-to-site VPN with credential prompts?
  - From: Jeffrey Walton <noloader@gmail.com>
- Re: site-to-site VPN with credential prompts?
  - From: jeremy ardley <jeremy.ardley@gmail.com>
- Re: site-to-site VPN with credential prompts?
  - From: jeremy ardley <jeremy.ardley@gmail.com>
- Re: site-to-site VPN with credential prompts?
  - From: Jan Claeys <lists@janc.be>
- Re: site-to-site VPN with credential prompts?
  - From: Nicolas George <george@nsup.org>
- Re: site-to-site VPN with credential prompts?
  - From: Jan Claeys <lists@janc.be>
- Re: site-to-site VPN with credential prompts?
  - From: Timothy M Butterworth <timothy.m.butterworth@gmail.com>
- Re: site-to-site VPN with credential prompts?
  - From: <tomas@tuxteam.de>
- Re: site-to-site VPN with credential prompts?
  - From: jeremy ardley <jeremy.ardley@gmail.com>

Prev by Date: Re: site-to-site VPN with credential prompts?
Next by Date: Re: site-to-site VPN with credential prompts?
Previous by thread: Re: site-to-site VPN with credential prompts?
Next by thread: Re: site-to-site VPN with credential prompts?
Index(es):
- Date
- Thread