SSH hacked?
Smoot Carl-Mitchell
smoot at tic.com
Tue Jan 13 17:45:55 UTC 2009
On Tue, 2009-01-13 at 09:28 -0800, Knute Johnson wrote:
> Knapp wrote:
> > The lesson is that it is really easy to get passwords, even in tight
> > systems. Be really careful!
>
> Isn't that really the point. Why use passwords at all with SSH? The
> public key authentication is several orders of magnitude harder to crack
> than username/password. And it is really easy to use.
I agree and I use it all the time because it is very convenient. You do
have to protect your private key passphrase. But only allowing public
key authentication will protect you from brute force attacks on SSH. You
do need to enforce this by turning off password authentication on the
SSH server.
--
Smoot Carl-Mitchell
Computer Systems and
Network Consultant
smoot at tic.com
+1 480 922 7313
cell: +1 602 421 9005
More information about the ubuntu-users
mailing list