On Tue, Apr 19, 2011 at 11:56:51AM +0200, Peter N. M. Hansteen wrote:
Alexander Schrijver alexander.schrij...@gmail.com writes:
I think it's a bad idea to disable ssh login while someone is bruteforcing
your
account.
(...) industrial-scale password guessing (...)
If you allow
On Mon, Apr 18, 2011 at 07:54:13PM -0400, swilly wrote:
On Wed, Mar 30, 2011 at 03:22, Alexander Schrijver
alexander.schrij...@gmail.com wrote:
It's a great way to keep someone out of their own system.
Huh? Wouldn't securely backing up the RSA keys prevent this? If you
are mindful enough
Your right that there are other ways to still login.
I meant you're.
Alexander Schrijver alexander.schrij...@gmail.com writes:
I think it's a bad idea to disable ssh login while someone is bruteforcing
your
account.
We've seen quite a bit of what appears to be industrial-scale password
guessing (google 'hail mary cloud' or a few more obvious keywords), so
on
On Tue, Apr 19, 2011 at 4:54 PM, Edho P Arief edhopr...@gmail.com wrote:
On Tue, Apr 19, 2011 at 4:33 PM, Alexander Schrijver
alexander.schrij...@gmail.com wrote:
I think it's a bad idea to disable ssh login while someone is bruteforcing
your
account.
it may be just me but I'm having
On Tue, Apr 19, 2011 at 4:33 PM, Alexander Schrijver
alexander.schrij...@gmail.com wrote:
I think it's a bad idea to disable ssh login while someone is bruteforcing
your
account.
it may be just me but I'm having problem in understanding this statement.
On Tue, 19 Apr 2011 16:54:45 +0700
Edho P Arief wrote:
On Tue, Apr 19, 2011 at 4:33 PM, Alexander Schrijver
alexander.schrij...@gmail.com wrote:
I think it's a bad idea to disable ssh login while someone is bruteforcing
your
account.
it may be just me but I'm having problem in
On Tue, Apr 19, 2011 at 11:56 AM, Peter N. M. Hansteen pe...@bsdly.net wrote:
Alexander Schrijver alexander.schrij...@gmail.com writes:
I think it's a bad idea to disable ssh login while someone is bruteforcing
your
account.
We've seen quite a bit of what appears to be industrial-scale
Peter == Peter N M Hansteen pe...@bsdly.net writes:
Peter We've seen quite a bit of what appears to be industrial-scale password
Peter guessing (google 'hail mary cloud' or a few more obvious keywords), so
Peter on any internet-facing system the probability that someone is trying
Peter to
On Wed, Mar 30, 2011 at 03:22, Alexander Schrijver
alexander.schrij...@gmail.com wrote:
It's a great way to keep someone out of their own system.
Huh? Wouldn't securely backing up the RSA keys prevent this? If you
are mindful enough to use keys in the first place and don't back up
such critical
I'm writing here, because the ssh dev list says:
Mail Delivery Status Notification (Delay)
[Status: Error, Address: openssh-unix-...@mindrot.org, ResponseCode 451,
Temporary failure, please try again later.]
So:
What is you're opinion about the next idea? Please write down ++/-- thoughts:
Isn't limiting the number of retries obtaining the same result? I mean,
limiting the number of retries to 5 and having to wait for 10 seconds after
five failed attempts will have the same outcome without the hassle, IMO.
On Tue, 29 Mar 2011 22:58:53 -0700
nagygabor88 nagygabo...@zoho.com wrote:
IMHO it is absolutelly useless, objections are:
1. You can limit connections using firewall.
2. You already have the feature by name limiting the number of
retries
3. If you really want PROTECTION - you should turn off password
authentication completelly and use RSA key with passphrase.
On Wed,
Don't reinvent wheel
http://home.nuug.no/~peter/pf/en/bruteforce.html
On Wed, Mar 30, 2011 at 7:58 AM, nagygabor88 nagygabo...@zoho.com wrote:
I'm writing here, because the ssh dev list says:
Mail Delivery Status Notification (Delay)
[Status: Error, Address: openssh-unix-...@mindrot.org,
On Wed, Mar 30, 2011 at 10:06:14AM +0300, Gregory Edigarov wrote:
IMHO it is absolutelly useless, objections are:
1. You can limit connections using firewall.
2. You already have the feature by name limiting the number of
retries
3. If you really want PROTECTION - you should turn off password
On Wed, Mar 30, 2011 at 03:00:18PM +0700, Edho P Arief wrote:
On Wed, Mar 30, 2011 at 2:22 PM, Alexander Schrijver
alexander.schrij...@gmail.com wrote:
It's a great way to keep someone out of their own system.
Unless you enable root login...
How does that help?
On 30 March 2011 20:22, Alexander Schrijver
alexander.schrij...@gmail.com wrote:
On Wed, Mar 30, 2011 at 10:06:14AM +0300, Gregory Edigarov wrote:
IMHO it is absolutelly useless, objections are:
1. You can limit connections using firewall.
2. You already have the feature by name limiting the
On Wed, Mar 30, 2011 at 3:11 PM, Alexander Schrijver
alexander.schrij...@gmail.com wrote:
On Wed, Mar 30, 2011 at 03:00:18PM +0700, Edho P Arief wrote:
On Wed, Mar 30, 2011 at 2:22 PM, Alexander Schrijver
alexander.schrij...@gmail.com wrote:
It's a great way to keep someone out of their own
On Wed, 30 Mar 2011 09:22:44 +0200, Alexander Schrijver
alexander.schrij...@gmail.com wrote:
On Wed, Mar 30, 2011 at 10:06:14AM +0300, Gregory Edigarov wrote:
IMHO it is absolutelly useless, objections are:
1. You can limit connections using firewall.
2. You already have the feature by name
On Wed, Mar 30, 2011 at 2:22 PM, Alexander Schrijver
alexander.schrij...@gmail.com wrote:
It's a great way to keep someone out of their own system.
Unless you enable root login...
20 matches
Mail list logo