There is a concept called dynamic firewall I am working on that should eliminate any brute force attempts. If you think about it, if you know someone is trying to break in there is no need to give them access to the server any more. So after a hundred wrong passwords you cut them off.

Reindl Harald <h.reindl@xxxxxxxxxxxxx> wrote:

>
>On 29.12.2011 12:56, Leonard den Ottolander wrote:
>> Hello Reindl,
>>
>> On Thu, 2011-12-29 at 12:29 +0100, Reindl Harald wrote:
>>> On 29.12.2011 09:17, Bennett Haselton wrote:
>>>> Even though the ssh key is more
>>>> random, they're both sufficiently random that it would take at least
>>>> hundreds of years to get in by trial and error.
>>
>>> if you really think your 12-chars password is as secure
>>> as a ssh-key protected with this password you should
>>> consider to take some education in security
>>
>> Bennett clearly states that he understands the ssh key is more random,
>> but wonders why a 12 char password (of roughly 6 bits entropy per byte
>> assuming upper & lower case characters and numbers) wouldn't be
>> sufficient.
>
>so explain me why discuss to use or not to use the best
>currently available method in context of security?
>
>this is a secure configuration with no costs
>so why not use it?
>
>PasswordAuthentication no
>ChallengeResponseAuthentication no
>GSSAPIAuthentication no
>GSSAPICleanupCredentials no
>RSAAuthentication yes
>PubkeyAuthentication yes
>PermitEmptyPasswords no
>PermitRootLogin without-password
>AllowGroups root verwaltung
>AllowUsers root harry
>IgnoreRhosts yes
>HostbasedAuthentication no
>StrictModes yes
>UseDNS no
>UsePrivilegeSeparation yes
>UsePAM yes
>LoginGraceTime 25
>MaxAuthTries 10
>MaxStartups 25
>
>_______________________________________________
>CentOS mailing list
>CentOS@xxxxxxxxxx
>http://lists.centos.org/mailman/listinfo/centos

-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
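The cut-off-after-a-hundred-wrong-passwords idea from the top of this message, as an added example that is not part of the original thread or any poster's code: it counts sshd "Failed password" lines per source address inside a sliding window and reports which addresses reach the threshold. The ISO timestamp prefix, the one-hour window, the allowlist parameter, the function names and the sample log are assumptions made for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# sshd's "Failed password" message; the ISO timestamp prefix is an assumption
# about how syslog is configured on the host.
FAILED = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def decide_blocks(lines, threshold=100, window=timedelta(hours=1), allowlist=()):
    """Return {source_ip: time at which it reached the failure threshold}."""
    recent = defaultdict(deque)  # ip -> timestamps of failures inside the window
    blocked = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue  # accepted logins and unrelated messages are not counted
        ip = m["ip"]
        if ip in blocked or ip in allowlist:
            continue  # already cut off, or an address that must never be blocked
        ts = datetime.fromisoformat(m["ts"])
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()  # forget failures that fell out of the window
        if len(q) >= threshold:
            blocked[ip] = ts
    return blocked

def sample_log():
    """Constructed log: one noisy source and one user who mistypes three times."""
    start = datetime(2011, 12, 29, 12, 0, 0)
    lines = []
    for i in range(120):  # 120 failures, two seconds apart
        ts = (start + timedelta(seconds=2 * i)).isoformat()
        lines.append(f"{ts} host sshd[{2000 + i}]: Failed password for "
                     f"invalid user admin from 203.0.113.7 port {40000 + i} ssh2")
    for i in range(3):    # three failures, one minute apart, then success
        ts = (start + timedelta(minutes=i)).isoformat()
        lines.append(f"{ts} host sshd[{3000 + i}]: Failed password for "
                     f"harry from 198.51.100.20 port 50000 ssh2")
    ts = (start + timedelta(minutes=4)).isoformat()
    lines.append(f"{ts} host sshd[3100]: Accepted password for "
                 f"harry from 198.51.100.20 port 50001 ssh2")
    return lines

if __name__ == "__main__":
    for ip, when in decide_blocks(sample_log()).items():
        print(f"block {ip} (threshold reached at {when.isoformat()})")
```

The returned addresses would be handed to whatever firewall mechanism is in use; the allowlist keeps a management address from locking itself out after a run of typos.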