SSHD_config question
Brian McKee
brian.mckee at gmail.com
Thu Aug 14 14:33:36 UTC 2008
On Thu, Aug 14, 2008 at 10:02 AM, Rashkae <ubuntu at tigershaunt.com> wrote:
> Brian McKee wrote:
>> That being said, if you use real passwords (i.e. longer than 8,
>> include at least more than one case, some numbers and punctuation -
>> definitely not something you can find in a newspaper) you are fine.
>>
>> If you look at the attempts those ssh bots are trying the passwords
>> are laughably bad. If you have a laughably bad password then you have
>> issues :-)
> And I suppose, you have never in a moment of weakness created a user
> named Test with password test?
> It's a good idea to lock out password based logins from the wild from
> the wild. Prevents silly accidents.
Actually, no, I have never created a test user with the password test.
Nor admin/admin or root/root.
I do have a password that I admit to reusing from time to time in
exactly those cases - but it's definitely not test :-)
I agree wholehardly that using keys and disabling password based
logins is a great idea. Silly accidents do happen.
Brian
More information about the ubuntu-users
mailing list