attack 2
jludwig
wralphie at comcast.net
Thu May 12 20:53:40 UTC 2005
On Wednesday 11 May 2005 08:29 pm, John Summerfied wrote:
> grim wrote:
snip
> At work I've tried using a password generator for users' passwords. It's
> a nice idea, but the staff are completely unable to cope with them. In
> practice, either I need to know them too or I forever need to reset them.
>
> One thing I learned after one user's account was cracked (I didn't
> assign that password) is to have incoming ssh on a box that doesn't host
> mail and other user services. If someone uses (assuming it's possible)
> ftp, email or http to enumerate users, the users they find mostly don't
> have user accounts on the machine running sshd.
>
> Users not having login rights have /bin/true, /bin/false, /bin/nologin
> or similar for their login shell.
>
>
> I personally don't see the merit in changing the ssh port; if it's
> configured sensibly that gains inconvenience, nothing else.
> Cheers
> John
Patterns on the keyboard are a good way to go as far as password generation.
Something such as qazwsx123 (try typing it out on a "qwerty" keyboard).
--
John H Ludwig
Common sense is so rare, why do they call it common!!!
I'm not schitziod! I got better tomorrow.
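
The login-shell convention mentioned in the quoted message (accounts without login rights get /bin/true, /bin/false, /bin/nologin or similar), as an added example that is not part of the original post: a small audit that reads passwd(5)-format lines and lists the accounts that can still get an interactive shell on an sshd host. The function name and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in passwd(5) format; not taken from any real host.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
alice:x:1001:1001:Alice:/home/alice:/bin/bash
bob:x:1002:1002:Bob (mail only):/home/bob:/bin/false
carol:x:1003:1003:Carol (ftp only):/home/carol:/bin/true
dave:x:1004:1004:Dave:/home/dave:
broken line without fields'

# login_capable (hypothetical helper): read passwd-format lines on stdin and
# print "name shell" for every account whose shell is not one of the
# non-login placeholders named in the thread.
login_capable() {
    awk -F: '
        NF != 7 { next }                 # skip blank, comment and malformed lines
        {
            shell = $7
            # passwd(5): an empty shell field means the default, /bin/sh,
            # so such an account can log in even though the field looks blank.
            if (shell == "") shell = "/bin/sh"
            # Compare the basename so /bin/nologin and /sbin/nologin both match.
            n = split(shell, parts, "/")
            base = parts[n]
            if (base == "true" || base == "false" || base == "nologin") next
            print $1 " " shell
        }'
}

# Stand-alone run over the constructed sample; on a real host feed it
# the output of "getent passwd" instead.
printf '%s\n' "$SAMPLE_PASSWD" | login_capable
```

Any name this prints on the box running sshd, other than the accounts meant to log in there, is worth a second look.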