[2692] in bugtraq
Re: brute force
daemon@ATHENA.MIT.EDU (Jeff Uphoff)
Wed Jun 5 20:33:08 1996
Date: Wed, 5 Jun 1996 17:03:53 -0400
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Jeff Uphoff <juphoff@tarsier.cv.nrao.edu>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: Your message of Tue, June 4, 1996 15:59:40 -0400

"CK" == Christopher Klaus <cklaus@iss.net> writes:

CK> Telnetd, rexecd, rshd, rlogind should all be turned off and replaced with
CK> a tool like ssh. But even ssh can be bruteforced, it is just a LOT more
CK> time consuming since it only allows 1 try per connection and there is
CK> quite a bit of time consumed generating the random keys for transferring.

And it's even harder if you run sshd in this mode (in /etc/sshd_config):

    RhostsAuthentication no
    RhostsRSAAuthentication no
    RSAAuthentication yes
    PasswordAuthentication no

No passwords (not even for a fallback)--only already-locally-known keys
can get you in. Makes for pretty tough cracking, especially if you
protect those keys with nice long pass-phrases and never type them over
a network or into a non-secured xterm, etc....

--Up.

--
Jeff Uphoff - systems/network admin. | juphoff@nrao.edu
National Radio Astronomy Observatory | juphoff@bofh.org.uk
Charlottesville, VA, USA | jeff.uphoff@linux.org
PGP key available at: http://www.cv.nrao.edu/~juphoff/
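
Added example (not part of the original post): a small Python check that an sshd_config explicitly sets the four directives named in the message to the values given there. It assumes keywords are case-insensitive and that the first occurrence of a keyword wins, as in OpenSSH; an absent directive is reported rather than trusted to its default. The function names and both sample configs are constructed for illustration.

```python
# Values required by the post's key-only sshd mode (keywords lower-cased).
REQUIRED = {
    "rhostsauthentication": "no",
    "rhostsrsaauthentication": "no",
    "rsaauthentication": "yes",
    "passwordauthentication": "no",
}

def parse_sshd_config(text):
    """Return {keyword: value}, lower-cased, keeping the FIRST occurrence
    of each keyword (assumption: first match wins, as in OpenSSH)."""
    seen = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        parts = line.split(None, 1)
        if len(parts) == 2:
            seen.setdefault(parts[0].lower(), parts[1].strip().lower())
    return seen

def audit(text):
    """Return [(keyword, expected, found)]; an empty list means compliant.
    found is None when the directive is not set explicitly."""
    seen = parse_sshd_config(text)
    return [(key, want, seen.get(key))
            for key, want in REQUIRED.items()
            if seen.get(key) != want]

# Constructed sample: the configuration from the post.
HARDENED = """\
# keys only
RhostsAuthentication no
RhostsRSAAuthentication no
RSAAuthentication yes
PasswordAuthentication no
"""

# Constructed sample: one directive missing, and an earlier lower-case
# duplicate that shadows the later "PasswordAuthentication no".
WEAK = """\
RhostsAuthentication no
RSAAuthentication yes
passwordauthentication yes   # fallback left on
PasswordAuthentication no
"""

if __name__ == "__main__":
    for name, cfg in (("hardened", HARDENED), ("weak", WEAK)):
        for key, want, found in audit(cfg):
            print(f"{name}: {key} should be {want!r}, found {found!r}")
```

The WEAK sample shows why a simple grep for "PasswordAuthentication no" is not enough: the line is present, but an earlier duplicate takes effect under the first-match assumption.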