break-in attempt in my machine
Chris Green
cl at isbd.net
Sat Sep 3 09:13:06 UTC 2016
On Fri, Sep 02, 2016 at 09:21:00PM +0200, No Spam wrote:
> On 16-09-02 19:25:29, Chris Green wrote:
> > On Fri, Sep 02, 2016 at 06:59:29PM +0200, J. L. wrote:
> > > On 02.09.2016 16:57, Volker Wysk wrote:
> > > > Am Sonntag, 28. August 2016, 11:39:07 CEST schrieb Karl Auer:
> > > >> By the way, anyone that has ssh access open to the world MUST take
> > > >> extra precautions. At an absolute minimum, any account that can log in
> > > >> via ssh MUST have a VERY GOOD PASSWORD - twenty or thirty random
> > > >> characters including numbers, punctuation and both cases. Otherwise you
> > > >> WILL get hacked.
> > > >
> > > > I have a 9-letter fantasy word as password. Something like "schwurbelfu". Just
> > > > lower case letters. So this is insecure? I doubt it could be cracked by
> > > > trying.
> > >
> > > Of course You could call me paranoid but passwords shorter than
> > > _at_least_ 20 random characters should be considered "obsolete" in these
> > > times (since among lots of other revelations the publications of Edward
> > > Snowden).
> > >
> > Passwords are only 'easy to break' if one has access to the system
> > where they are stored. It's not practical to brute force even a
> > fairly trivial password remotely.
>
> don't forget :ssh means access to the system
>
Yes, but it's 'remote' access in the sense I was meaning, you can't
brute force a password via an ssh login. By that I mean you can't
brute force a password at the ssh login prompt. If you've already got
a user ssh password and can log in to the system then you have more
chance although even then it's difficult with the newer /etc/shadow
arrangement.
--
Chris Green
More information about the ubuntu-users
mailing list