On 2021/03/05 10:03, Per Jessen wrote:
Is there a reason public key auth isn't good enough? Dunno, I didn't design it. Just describing security systems used as an adjunct to ssh access.
======== On 2021/03/05 09:10, Per Jessen wrote: I just foresee the situation where and 'admin' account is locked out and support has gone home for the weekend. ---
First thing -- the institutions/organizations that have such security measures have teams answering phones 24/7, holidays included.
So why are we talking about here on this list?
---- Why are you taking about support going home for the weekend?
There are no weekends. Second thing -- as for someone having their admin account open to password cracking facing the web -- that shouldn't happen to begin
We were not talking about the web, but about ssh.
Same same. In this context, facing open web = facing public internet. Talking about disabling accounts after 3 broken password attempts and why admin accounts wouldn't be vulnerable -- mainly, they aren't accessible via a public facing internet port.