Le Mar 20 mars 2007 10:46, Alexander Boström a écrit : > tis 2007-03-20 klockan 10:24 +0100 skrev Nicolas Mailhot: > >> Disabling ssh is not a good solution, many people need it. However the >> default fedora ssh setup is woefully insecure > > I think it can be off by default. To use it securely you should log in > locally and look at or replace the host key anyway, so you might as well > enable it at the same time. (But I guess people use SSH for > better-than-nothing security, rather than checking host keys.) > >> At least ssh rate-limiting should be in the default firewall install. > > That'll just delay the problem. For casual brute-force attacks it will solve the problem, but it's true firewall-level blacklisting is prone to DOSing (as opposed to pam-level blacklisting that knows about "users") -- Nicolas Mailhot -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
