On Tue, Sep 19, 2006 at 02:22:41PM -0700, backyard wrote:
>
> well you could pretty much eliminate the problem by
> disabling password logins to sshd and only accepting
> keyed logins. Then only a key will work.

This is probably the best thing you can do to keep the bad guys out. This is what I'm doing on every box I have control over. It does not stop anyone from trying, but nobody gets in. I have yet to see even an attempt by script kiddies to use keys.

> Frequently changing the keys would ensure hackers
> would have to want to get in REALLY bad in order to
> gain unauthorized access by a brute force attempt.
>
> Depending on how hosts login and their systems, you
> could perhaps run a login script that regenerates keys
> automatically and distributes them to the user every
> so many days or whatever so the system appears
> passwordless to them, and secure to the outside. This
> may be more trouble than you are looking for though.

I think this isn't needed, and is somewhat silly. Like all (decent) implementations of pubkey, the key is only used to authenticate and exchange a symmetric session key. So the pubkey sees little actual use, compared with the session key. Anyone who knows better please correct me.

-- 
Darrin Chandler            |  Phoenix BSD Users Group
[EMAIL PROTECTED]          |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/  |
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
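
The key-only setup discussed in this message holds only if every password-capable method is off in sshd_config, so here is a small audit script as an added example (not part of the original message or of FreeBSD). The function names `effective` and `audit` are hypothetical, the two sample configs are constructed, defaults are assumed to be upstream OpenSSH's (a vendor build may differ), and `Match` blocks are flagged but not evaluated.

```sh
#!/bin/sh
# Added example (not from the thread): list the password-capable login
# methods an sshd_config still leaves enabled in its global section.

# effective "KEY[|ALIAS]" DEFAULT FILE -> effective value, lowercased.
# sshd keywords are case-insensitive and the first occurrence wins.
effective() {
    awk -v want="|$1|" -v val="$2" '
        /^[ \t]*(#|$)/ { next }              # comments and blank lines
        {
            line = $0; sub(/^[ \t]+/, "", line)
            n = split(line, f, /[ \t=]+/)
            key = tolower(f[1])
            if (key == "match") exit         # conditional blocks: not evaluated
            if (n >= 2 && index(want, "|" key "|")) { val = tolower(f[2]); exit }
        }
        END { print val }
    ' "$3"
}

# audit FILE -> one line per finding; no output means no password-capable
# method is enabled globally and public-key logins are allowed.
audit() {
    [ "$(effective passwordauthentication yes "$1")" = no ] ||
        echo "password: enabled (set PasswordAuthentication no)"
    [ "$(effective 'kbdinteractiveauthentication|challengeresponseauthentication' yes "$1")" = no ] ||
        echo "keyboard-interactive: enabled (PAM can still ask for a password)"
    [ "$(effective pubkeyauthentication yes "$1")" != no ] ||
        echo "publickey: disabled (key logins will fail)"
    if grep -qi '^[[:space:]]*match[[:space:]]' "$1"; then
        echo "match: conditional blocks present, review their overrides by hand"
    fi
}

# Constructed samples. "weak" turns off PasswordAuthentication but leaves the
# keyboard-interactive line commented out, so that method keeps its default.
weak=$(mktemp); hard=$(mktemp)
trap 'rm -f "$weak" "$hard"' EXIT
printf '%s\n' '# constructed sample' 'PasswordAuthentication no' \
    '#ChallengeResponseAuthentication no' > "$weak"
printf '%s\n' 'PasswordAuthentication no' 'challengeresponseauthentication no' \
    'PubkeyAuthentication yes' > "$hard"
echo "weak:";     audit "$weak"
echo "hardened:"; audit "$hard"
```

On a live host, `sshd -T` prints the configuration the daemon actually resolves and is the authoritative check; the script is for reviewing a file before it is deployed.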