SSH hacked?

Brian ad44 at
Wed Jan 14 00:55:24 UTC 2009

On Tue 13 Jan 2009 at 17:20:08 -0500, Mark Haney wrote:

> This is not as big a deterrent as you think.  A typical 'brute force' 
> attack nowadays is usually 6 to seven tries an IP over the course of 
> weeks or months.  This does two things, it narrows down potential 
> usernames (and passwords) and makes it harder to protect against.  
> That's why I use fail2ban.  

Given a strong password the narrowing down is equivalent to removing one
grain of sand a year from a beach.

>                              Most users don't change passwords often (or, 
> indeed at all) so this type of attack is more successful than you would 
> think.  Granted using strong passwords helps but no matter how strong it 
> is, if you don't change it regularly, it'll get hacked.

Strong passwords are no less strong for not being changed.

More information about the ubuntu-users mailing list