On Fri, Mar 12, 2010 at 10:59 AM, Steve Holdoway <st...@greengecko.co.nz> wrote: > For a couple of weeks away, I wouldn't bother with the obscurity bit in > that way, rather just disable root login so they have to guess the user > account and password before denyhosts closes them out.
Things that are set up "for a couple of weeks" tend to stay enabled for far longer than intended! You're right that in Rob's example he doesn't need to set up Fort Knox, but I'd strongly suggest that the minimum bar should be "username & key" instead of "username & password". I haven't done much research on the matter, I only keep half an eye on attempts across my servers seeing as denyhosts works well, but I have never noticed anyone even attempting to crack in with "username & key". Considering that a password is around 8-10 typeable characters, and a key is around 700 typeable characters ... set up keys, not passwords! -jim