Re: Breakin attempts





Wolfgang S. Rupprecht wrote:

The core problem is to prevent someone from guessing users' passwords.
You aren't going to achieve real security by hiding this or that
attribute. If you don't want to worry about your users choosing bad
non-random passwords, don't let them. Force them to use a 1k-2k RSA key
for ssh and turn off all login types in sshd_config other than RSA2.
That way any attacker has to correctly guess a 1k-bit computer generated
number. That will almost certainly be much more secure than any
password users will choose. Then you can look at the ssh log files and
laugh. The universe isn't going to last long enough for them to guess
even a small fraction of the keys.

Unless someone builds a quantum computer that can implement the Shor
algorithm for nontrivial cases :-)
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
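
As an added example (not part of the original thread), here is one way to check that an sshd_config really leaves public-key login as the only enabled method, as the quoted advice recommends. It uses current OpenSSH keyword names and upstream defaults, does not follow Include files, and all sample configs are constructed.

```python
# Added example: audit sshd_config text for a "public-key login only" policy.
# Defaults below are upstream OpenSSH's; a distro build may differ (assumption).
DEFAULTS = {
    "pubkeyauthentication": "yes",
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "hostbasedauthentication": "no",
    "gssapiauthentication": "no",
    "kerberosauthentication": "no",
}
# Older configs use the deprecated name for keyboard-interactive logins.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def audit_sshd_config(text):
    """Return findings; an empty list means only public-key login is enabled."""
    effective, findings, in_match = {}, [], False
    for lineno, raw in enumerate(text.splitlines(), 1):
        parts = raw.strip().replace("=", " ", 1).split()
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].lower()
        if key == "match":
            in_match = True          # everything below is conditional
        elif key not in DEFAULTS:
            continue
        elif in_match:
            if key != "pubkeyauthentication" and value == "yes":
                findings.append(f"line {lineno}: Match block enables {key}")
        else:
            effective.setdefault(key, value)   # sshd keeps the first value seen
    for key, default in DEFAULTS.items():
        value = effective.get(key, default)
        source = "set" if key in effective else "default"
        if key == "pubkeyauthentication":
            if value != "yes":
                findings.append(f"{key} is {value} ({source})")
        elif value != "no":
            findings.append(f"{key} is {value} ({source})")
    return findings

# Constructed samples. In WEAK the later "no" is ignored by first-value-wins.
WEAK = "PasswordAuthentication yes\nPasswordAuthentication no\n"
HARDENED = ("PubkeyAuthentication yes\nPasswordAuthentication no\n"
            "ChallengeResponseAuthentication no\n")
OVERRIDE = HARDENED + "Match User backup\n    PasswordAuthentication yes\n"

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED), ("override", OVERRIDE)):
        print(name, audit_sshd_config(cfg) or "ok")
```

On a live host, `sshd -T` prints the effective configuration after defaults and Include files are resolved, which is the authoritative view to compare against.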
