sshd brute force attempts?
backyard
backyard1454-bsd at yahoo.com
Wed Sep 20 10:04:06 PDT 2006
--- "Dan Mahoney, System Admin" <danm at prime.gushi.org>
wrote:
> On Tue, 19 Sep 2006, backyard wrote:
>
> > In reality using passwords with SSH kinda defeats
> the
> > purpose of SSH.
>
> Keeping passwords from being sent across the network
> as cleartext?
>
> -Dan
ssh will encrypt them of course but...
the nosey snoop watching over your shoulder can see
the keys you type, or the tricky guy that has
installed a STDIN monitor hack, or enabling debugging
of the console by mistake and having it appear in the
syslogs. Using keys means you never have to use a
password, other then locking the key. The key should
always have a different password from the login. Using
keys is the point of SSH so you can eliminate
passworded logins making sure no one sees them at all.
-brian
>
> --
>
> "Of course she's gonna be upset! You're dealing
> with a woman here Dan,
> what the hell's wrong with you?"
>
> -S. Kennedy, 11/11/01
>
More information about the freebsd-questions
mailing list