break-in attempt in my machine
J. L.
jl.ffm at gmx.net
Fri Sep 2 16:59:29 UTC 2016
On 02.09.2016 16:57, Volker Wysk wrote:
> On Sunday, 28 August 2016, 11:39:07 CEST, Karl Auer wrote:
>> By the way, anyone that has ssh access open to the world MUST take
>> extra precautions. At an absolute minimum, any account that can log in
>> via ssh MUST have a VERY GOOD PASSWORD - twenty or thirty random
>> characters including numbers, punctuation and both cases. Otherwise you
>> WILL get hacked.
>
> I have a 9-letter fantasy word as password. Something like "schwurbelfu". Just
> lower case letters. So this is insecure? I doubt it could be cracked by
> trying.

Of course you could call me paranoid, but passwords shorter than
_at_least_ 20 random characters should be considered "obsolete" in these
times (since, among lots of other revelations, the publications of Edward
Snowden).

Sure, there are a lot of other sites where you can check "password
strength", but this site
https://www.grc.com/haystack.htm
works offline just as well. So I really believe that Mr. Gibson does not
"collect" tested passwords.

More or less the same check of password strength can, for example, also be
done with KeePass(X).

And never forget: At least regarding passwords _SIZE_ _DOES_
_MATTER_! ;-)

>> But it would be a much better idea to read the above
>> blog entry and implement the first few ideas at least.
>
> I've implemented no 2, 3, 5 and 10 now... I won't disable root logins, because
> I want root sftp access.
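
The length-versus-search-space point argued in this message can be checked offline with a few lines of code. The following is an added example, not part of the original post and not the code behind the linked site; the sample passwords and guess rates are constructed assumptions.

```python
import math
import string

# Printable-ASCII character classes; a brute-force search has to cover every
# class that appears in the password (95 symbols when all four are used).
CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation + " ",
)
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def alphabet_size(password: str) -> int:
    """Size of the smallest class-based alphabet that contains the password."""
    known = "".join(CLASSES)
    if not password or any(c not in known for c in password):
        raise ValueError("expected a non-empty printable-ASCII password")
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))


def search_space(password: str) -> int:
    """Number of candidates of length 1..len(password) over that alphabet."""
    a = alphabet_size(password)
    return sum(a ** k for k in range(1, len(password) + 1))


def entropy_bits(password: str) -> float:
    return math.log2(search_space(password))


def years_to_exhaust(password: str, guesses_per_second: float) -> float:
    """Worst case: time to try every candidate at a fixed guess rate."""
    return search_space(password) / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    # Constructed samples and assumed guess rates, not values from the thread.
    samples = ["qwmzkrtpa", "t7#Kp!2vRz@9LmQ4x&Wd"]
    rates = {"online, 10/s": 10.0, "offline, 1e10/s": 1e10}
    for pw in samples:
        print(f"{len(pw)} chars, alphabet {alphabet_size(pw)}, {entropy_bits(pw):.1f} bits")
        for label, rate in rates.items():
            print(f"  {label}: {years_to_exhaust(pw, rate):.3g} years")
```

The figures are an upper bound that holds only for randomly chosen characters; a pronounceable or dictionary-derived password is found by wordlist guessing long before the full space is exhausted.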