John Andersen wrote:
Per Jessen wrote:
Roger Oberholtzer wrote:
On Sat, 2009-10-03 at 17:27 +0200, Hans Witvliet wrote:
hence i would recommend using keys and disable all password-logins. Other suggestion, use a VPN.
My ssh access is password protected. It is not so much that someone gets in (although I keep an eye open), but rather all the attempts eat resources.
Roger, that's almost certainly the first time I've heard anyone say that - I couldn't care less about the resources wasted by ssh brute force attacks (as long as they're not actually denial-of-service), but I care a lot about anyone getting in.
/Per
I'm pretty sure you misinterpreted what Roger said.
Quite possibly. It really sounded like he wasn't worried about the brute force attacks.
He meant that his passwords are secure enough for his purposes.
All automated ssh attacks are looking for totally insanely simple passwords, like "password".
Not so totally insanely simple, not any more. I had a machine compromised about two years ago - the password for the account was a common English word, 7 characters with one vowel substituted by a '0'. /Per -- Per Jessen, Zürich (16.2°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org