break-in attempt in my machine
Karl Auer
kauer at biplane.com.au
Fri Sep 2 15:00:00 UTC 2016
On Fri, 2016-09-02 at 16:34 +0200, Volker Wysk wrote:
> Am Samstag, 27. August 2016, 21:58:05 CEST schrieb Karl Auer:
> > 5: If you will only be logging in from a limited set of other
> > systems, allow ssh logins only from those addresses (or subnets).
> >
> Point no. 5 seems to be redundant if public key login is used. Only
> the right machines have the private keys.
Really? Maybe one day you'll get tricked into using a system with a
keylogger, so they get your passphrases. Or maybe they mug you, take
your keys and force you to reveal your passphrases. But either way, if
they aren't on the right network to log in, even that won't help them.
You could get hacked and your keys stolen - copied to another computer
somehwre in the world. Or even your entire computer including the keys,
could get stolen and used elsewhere. That's why you should always have
excellent passphrases. But even if they then crack your passphrases,
they still can't log in because they are coming from the wrong
addresses.
You could get kidnapped and taken, with your computer and/or your keys,
and be coerced into trying to log in from somewhere else. Best if you
can't, right?
These are all pretty unlikely, but that's what defence in depth is
*for* - making the likely unlikely and the unlikely even more so :-)
So if you can, limit the source addresses you accept logins from.
Regards, K.
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)
http://www.biplane.com.au/kauer
http://twitter.com/kauer389
GPG fingerprint: E00D 64ED 9C6A 8605 21E0 0ED0 EE64 2BEE CBCB C38B
Old fingerprint: 3C41 82BE A9E7 99A1 B931 5AE7 7638 0147 2C3C 2AC4
More information about the ubuntu-users
mailing list