SSH hacked?
Smoot Carl-Mitchell
smoot at tic.com
Tue Jan 13 17:41:23 UTC 2009
On Tue, 2009-01-13 at 11:45 -0500, Kent Borg wrote:
> My first suggestion for keeping ssh secure was to have long, quality
> passwords that are not recycled. Judging from the fact that I am the
> only person I know who does not recycle passwords, this is a RADICAL
> suggestion! Yet it prompted no reaction. People kept talking about
> moving sshd to different ports.
Passwords have always been the weakest link in system security.
However, we are kind of stuck with them unless you go to two-factor
systems like SecurID. It is surprising how few people know how to
create really good secure passwords. It is not that difficult and they
do not have to be random. In fact a random password is worse because it
is eventually written down because you cannot remember it easily.
I use two algorithms for creating good passwords. The first is to
concatenate two unrelated dictionary words together and transliterate
some of the characters and add capitalization randomly. The other is to
think up a nonsense phrase and take the first letter of each word and
use that (with appropriate transliteration and capitalization).
Passwords like the above are extremely difficult to break even if you
have access to the hashed password.
If you have a multiuser system you need to have a mechanism to enforce
the above rules because some people will not follow them.
--
Smoot Carl-Mitchell
Computer Systems and
Network Consultant
smoot at tic.com
+1 480 922 7313
cell: +1 602 421 9005
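As an added worked example (not code from the original post or its author), the two schemes described above in Python, together with a Kerckhoffs-style entropy estimate for the word-pair scheme and a policy check of the kind a multiuser system could enforce at password-change time. The word list, the transliteration table, the policy thresholds and every function name are constructed here for illustration.

```python
"""Added example (not from the original post): the two password schemes
described above, a Kerckhoffs-style entropy estimate for them, and a simple
policy check of the kind a multiuser system would enforce.  The word list and
the transliteration table are constructed here for illustration."""

import math
import random

# Constructed miniature dictionary; a real one has tens of thousands of words.
WORDS = ["anvil", "brook", "cinder", "dune", "ember", "fjord", "glade",
         "hollow", "ingot", "juniper", "kestrel", "lumen", "marsh", "nettle",
         "orchid", "pumice", "quartz", "ripple", "saddle", "thistle"]

# Transliteration table (constructed): lowercase letter -> look-alike symbol.
TRANSLIT = {"a": "@", "e": "3", "i": "1", "o": "0", "s": "5", "t": "7"}
UNTRANSLIT = {v: k for k, v in TRANSLIT.items()}

_SYSRNG = random.SystemRandom()  # OS CSPRNG; callers may pass a seeded Random


def variants(ch):
    """Every form a lowercase letter may take: plain, capitalised, transliterated."""
    forms = [ch, ch.upper()]
    if ch in TRANSLIT:
        forms.append(TRANSLIT[ch])
    return forms


def mangle(text, rng=_SYSRNG):
    """Apply random transliteration and capitalisation, one choice per character."""
    return "".join(rng.choice(variants(ch)) for ch in text.lower())


def normalize(password):
    """Undo mangling so a checker can see the underlying letters."""
    return "".join(UNTRANSLIT.get(ch, ch) for ch in password).lower()


def variant_bits(text):
    """Entropy of the mangling step alone: log2 of the number of possible forms."""
    return sum(math.log2(len(variants(ch))) for ch in text.lower())


def word_pair_bits(a, b, wordlist_size=len(WORDS)):
    """Entropy of a word-pair password against an attacker who knows the scheme
    and the word list: ordered choice of two distinct words plus the mangling."""
    return (math.log2(wordlist_size * (wordlist_size - 1))
            + variant_bits(a) + variant_bits(b))


def meets_policy(password, min_len=12):
    """Rules a multiuser system might enforce at password-change time (compare
    pam_pwquality): length, mixed case, a non-letter, and not a lone dictionary
    word hiding behind capitalisation or transliteration."""
    if len(password) < min_len:
        return False
    if not any(c.islower() for c in password) or not any(c.isupper() for c in password):
        return False
    if all(c.isalpha() for c in password):
        return False
    if normalize(password) in WORDS:
        return False
    return True


def word_pair_password(rng=_SYSRNG, attempts=500):
    """Scheme 1: two unrelated dictionary words, mangled, retried until the
    result passes the policy (short pairs or unlucky mangling are rejected)."""
    for _ in range(attempts):
        a, b = rng.sample(WORDS, 2)
        candidate = mangle(a, rng) + mangle(b, rng)
        if meets_policy(candidate):
            return candidate
    raise RuntimeError("could not generate a policy-compliant password")


def phrase_password(phrase, rng=_SYSRNG):
    """Scheme 2: first letter of each word of a nonsense phrase, then mangled."""
    initials = "".join(w[0] for w in phrase.split() if w[0].isalpha())
    return mangle(initials, rng)


if __name__ == "__main__":
    pw = word_pair_password()
    print(pw, "->", normalize(pw))
    print("phrase:", phrase_password("purple llamas audit seven quiet routers nightly"))
    print("bits for juniper+kestrel:", round(word_pair_bits("juniper", "kestrel"), 1))
```

The entropy figures are what the scheme yields against an attacker who already knows the construction method and the word list, which is the right way to judge it: cracking tools implement exactly this attack (word combination plus substitution and case rules), so the size of the word list and the number of mangling choices are what count, not secrecy of the method. With the 20-word list here a pair is worth only about 21 bits; a real list of 50,000 words gives about 31 bits from the word choice alone before the mangling is added.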
More information about the ubuntu-users mailing list