Re: ssh: Permission denied

Dylan Semler wrote:
...snip...

> However, if you use an 8-digit password with capital and lowercase letters, numbers, and symbols, there are 8^( 26*2 + 10*2 + 20 ) = 8^92 = 1.21e83 possible passwords. Since ssh waits about a second after each incorrect password and there have been only 3.32e17 seconds in the history of the universe, it seems strictly /impossible/ for a password to be guessed. So the risk must not be from password-bots. What is the risk then?

That is not the larger danger. The larger danger is that someone will find and publish an exploit for ssh2 as root. That did happen to ssh1, and is why you should never allow ssh1 protocol to the Internet, ESPECIALLY if you allow root logins. ssh1 is still supported (thankfully) for compatibility with older systems. It is not meant to be used otherwise.

In that case, if you allow root logins from ssh, an exploiter can access your system as root, even without password guessing.

It is always best to avoid those possibilities. Turn off ssh1 and root access via ssh. See my other post in this thread for how to:

> Also, right now I set up sudo so it doesn't prompt for passwords, so in effect, any user that logs in can become root. Is this very very bad as well?

Once a person is on your system, it's too late. It's only a minor inconvenience for the hacker when you disallow sudo, but I do it anyway.

It is most common for a hacker to install a 'root kit' instead. There are still several that will work. And on older systems ... well he can just pick one. :)

By allowing open sudo, maybe a bud of yours will install a root kit for fun when you thought he was playing on your new PS3 in there. :)

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
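
Added example, not part of the original message or thread: a small Python check for the three settings the reply discusses (ssh protocol 1, root login over ssh, and passwordless sudo). The function names `effective_sshd` and `audit` are hypothetical, the sample configuration text is constructed, and reporting an unset PermitRootLogin as a finding is an assumption.

```python
import re

# Constructed sample inputs for illustration; not taken from any real host.
SAMPLE_SSHD = """\
# constructed sshd_config
Protocol 2,1
PermitRootLogin yes
"""
SAMPLE_SUDOERS = """\
# constructed sudoers
root    ALL=(ALL) ALL
%wheel  ALL=(ALL) NOPASSWD: ALL
"""

def effective_sshd(text):
    """Global sshd_config settings; sshd keeps the first value seen per keyword."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()          # keywords are case-insensitive
        if key == "match":              # stop at the first conditional block
            break
        settings.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return settings

def audit(sshd_text, sudoers_text):
    """Return findings for the three settings discussed in the thread."""
    findings = []
    cfg = effective_sshd(sshd_text)
    if "1" in [p.strip() for p in cfg.get("protocol", "").split(",")]:
        findings.append("sshd: protocol 1 enabled")
    root = cfg.get("permitrootlogin")
    if root is None:
        # Assumption: an unset value is reported, since the default varies by version.
        findings.append("sshd: PermitRootLogin not set explicitly")
    elif root.lower() != "no":
        findings.append("sshd: root login permitted (%s)" % root)
    for n, raw in enumerate(sudoers_text.splitlines(), 1):
        line = raw.strip()
        if line and not line.startswith("#") and re.search(r"\bNOPASSWD\s*:", line):
            findings.append("sudoers line %d: NOPASSWD rule" % n)
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SSHD, SAMPLE_SUDOERS):
        print(finding)
```

To check a real host, pass the contents of its sshd_config and sudoers files to `audit` in place of the samples.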