L A Walsh wrote:
On 2021/03/05 10:03, Per Jessen wrote:
Is there a reason public key auth isn't good enough?
Dunno, I didn't design it.
Me neither, but for some fifteeen years, it has been very good at preventing unauthorized access to my systems. If you don't know if it is good enough, maybe you need to explore it?
======== On 2021/03/05 09:10, Per Jessen wrote: I just foresee the situation where and 'admin' account is locked out and support has gone home for the weekend. ---
First thing -- the institutions/organizations that have such security measures have teams answering phones 24/7, holidays included.
So why are we talking about here on this list?
---- why are you taking about support going home for the weekend?
Well, because they do - I don't pay them to work on weekends. If a user account were to be locked due to third parties trying to gain access, that would become a simple support case. For Monday morning.
There are no weekends. Second thing -- as for someone having their admin account open to password cracking facing the web -- that shouldn't happen to begin
We were not talking about the web, but about ssh.
Same same. In this context, facing open web = facing public internet.
Plonk. -- Per Jessen, Zürich (0.7°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland.