SSH hacked?

[Knapp]

>
> This is not as big a deterrent as you think.  A typical 'brute force'
> attack nowadays is usually 6 to seven tries an IP over the course of
> weeks or months.  This does two things, it narrows down potential
> usernames (and passwords) and makes it harder to protect against.
> That's why I use fail2ban.  Most users don't change passwords often (or,
> indeed at all) so this type of attack is more successful than you would
> think.  Granted using strong passwords helps but no matter how strong it
> is, if you don't change it regularly, it'll get hacked.
>
>
> --
> Mark Haney
>  <mhaney at ercbroadband.org>


I keep reading this bit about users not changing passwords. I am sure it is
true but Linux has options that are very easy to use that forces the users
to pick new passwords after a set amount of time. Why not just use this?

-- 
Douglas E Knapp

Amazon Gift Cards; let them choose!!
http://www.amazon.com/gp/product/B001078FFE?ie=UTF8&tag=seattlebujinkand&linkCode=as2&camp=1789&creative=9325&creativeASIN=B001078FFE
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20090114/7d75422e/attachment.html>