On Tue, Apr 19, 2011 at 11:56:51AM +0200, Peter N. M. Hansteen wrote:
> Alexander Schrijver <alexander.schrij...@gmail.com> writes:
> > I think it's a bad idea to disable ssh login while someone is
> > bruteforcing your account.
> 
> (...) industrial-scale password guessing (...)
> 
> If you allow password logins at all, there are worse ideas than
> running john (or similar) to flush out the bad ones occasionally.

If you're going to check password quality, use security/passwdqc (by the
same author as John the Ripper, based on the same code) - it will
actually prevent people from setting bad passwords, and using it to
check plaintext passwords is much more efficient than running john.

(Of course, it doesn't work on passwords already set, so *one* john run
makes sense.)

                Joachim

-- 
PotD: devel/p5-YAML - YAML ain't a markup language
http://www.joachimschipper.nl/
