On Mon, Jul 27, 2015 at 8:43 PM, Lars Seipel <lars.seipel@xxxxxxxxx> wrote: > On Mon, Jul 27, 2015 at 11:19:41AM -0600, Chris Murphy wrote: >> Why is password quality being targeted rather than the number of ssh >> attempts being set to e.g. 3 per minute, by default? And does this >> sufficiently mitigate the concern, and if not, why not? > > Restricting login attempts means that now even the most naïve kind of > attack can lock me out of my machine. You know, the really stupid > attacks that rain down on almost any internet host in gigantic numbers > but are effectively countered by using anything but the most trivial of > passwords. Not if you apply the limit per IP (of the client). -- desktop mailing list desktop@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/desktop
