Anybody wants to check it out? I can provide ssh access if you give me an ssh key.

On Thu, Dec 29, 2011 at 11:06 PM, Noah Meyerhans <fr...@morgul.net> wrote:
> On Thu, Dec 29, 2011 at 04:39:24PM +0100, Kees de Jong wrote:
>> I guess I already pointed out everything. I added the updating part to it.
>>
>> * Use private not public keys with strong passwords
>
> This doesn't make any sense at all. You need both private and public
> keys for key-based authentication, and it's very important that you
> recognize the difference between the two.
>
> Also, one of the real problems with ssh key authentication is that
> there's no way to enforce a strong password policy on the private keys.
> Plenty of times I've seen an otherwise secure host compromised when a
> user did something silly like drop their passwordless private key in
> their public_html folder.
>
> noah
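
The quoted point about passphrase-less private keys ending up in places like public_html is something an administrator can audit for. The script below is an added example, not part of the original thread: it walks a directory tree and reports private key files that carry no passphrase, covering traditional PEM, PKCS#8 and the newer OpenSSH key format (which goes beyond what existed when this thread was written). The function names and the sample-key helper are hypothetical.

```python
import base64, binascii, os, re, struct

MAGIC = b"openssh-key-v1\0"
PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]*PRIVATE KEY)-----\r?\n(.*?)-----END \1-----", re.S)

def key_protection(text):
    """Return 'encrypted', 'unencrypted', or None when text holds no private key."""
    m = PEM_RE.search(text)
    if not m:
        return None
    label, body = m.groups()
    if label == "ENCRYPTED PRIVATE KEY":      # PKCS#8 encrypted container
        return "encrypted"
    if label == "OPENSSH PRIVATE KEY":        # cipher name follows the magic string
        try:
            blob = base64.b64decode("".join(body.split()))
        except binascii.Error:
            return None
        if not blob.startswith(MAGIC) or len(blob) < len(MAGIC) + 4:
            return None
        (n,) = struct.unpack(">I", blob[len(MAGIC):len(MAGIC) + 4])
        cipher = blob[len(MAGIC) + 4:len(MAGIC) + 4 + n]
        return "unencrypted" if cipher == b"none" else "encrypted"
    # Traditional PEM (RSA/DSA/EC) and plain PKCS#8: encryption shows as a header
    return "encrypted" if "Proc-Type: 4,ENCRYPTED" in body else "unencrypted"

def find_unprotected_keys(root):
    """Walk root and return sorted paths of private keys stored without a passphrase."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", errors="ignore") as fh:
                    text = fh.read(65536)     # key files are small; cap the read
            except OSError:
                continue                      # unreadable file: skip it
            if key_protection(text) == "unencrypted":
                hits.append(path)
    return sorted(hits)

def sample_openssh_key(cipher):
    """Constructed sample: OpenSSH key header only, no real key material."""
    blob = MAGIC + struct.pack(">I", len(cipher)) + cipher + b"\0" * 8
    b64 = base64.b64encode(blob).decode()
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + b64 +
            "\n-----END OPENSSH PRIVATE KEY-----\n")

if __name__ == "__main__":
    import sys
    for path in find_unprotected_keys(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("passphrase-less private key:", path)
```

This only tells you whether a passphrase is set at all; as the quoted message says, its strength cannot be checked from the key file.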