attack 2

jludwig wralphie at comcast.net
Thu May 12 20:53:40 UTC 2005


On Wednesday 11 May 2005 08:29 pm, John Summerfied wrote:
> grim wrote:
snip
> At work I've tried using a password generator for users' passwords. It's
> a nice idea, but the staff are completely unable to cope with them. In
> practice, either I need to know them too or I forever need to reset them.
>
> One thing I learned after one user's account was cracked (I didn't
> assign that password) is to have incoming ssh on a box that doesn't host
> mail and other user services. If someone uses (assuming it's possible)
> ftp, email or http to enumerate users, the users they find mostly don't
> have user accounts on the machine running sshd.
>
> Users not having login rights have /bin/true, /bin/false, /bin/nologin
> or similar for their login shell.
>
>
> I personally don't see the merit in changing the ssh port; if it's
> configured sensibly that gains inconvenience, nothing else.

> Cheers
> John

Patterns on the keyboard are a good way to go as far as password generation. 
Something such as qazwsx123 (try typing it out on a "qwerty" keyboard).
-- 
John H Ludwig

Common sense is so rare, why do they call it common!!!

I'm not schizoid! I got better tomorrow.



