Paul L. Snyder on 26 Apr 2005 19:46:45 -0000


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Increase in SSH break-in attempts?


Quoting Mike Leone <turgon@mike-leone.com>:

> Paul L. Snyder (plsnyder@drexel.edu) had this to say on 04/26/05 at
> 10:40: 
> > Quoting Mike Leone <turgon@mike-leone.com>:
> > When I noticed, I disabled password authentication for ssh...I use
> key-
> > based auth for the most part, anyway.
> 
> You mean certificates? That works well if you connect from the same
> machine
> all the time, but what do you do to check in with your home system if
> you
> happen to be at your buddy's house, for example? Or am I
> misunderstanding?

Nope, you've got it.  I am almost never without my laptop, and
most of my friends have a WLAN they'll let me hop on.  I'm
pretty untrusting, so I try to never enter a "good" password for
my network on a machine that I don't control.  If I wanted to
connect back from an untrusted system, I'd probably set up some sort
of DMZ server.

If you're more trusting than I am and want to use certificate
auth to connect from an untrusted machine, I suppose you could
carry your private keys on a flash drive.  It wouldn't give me a
warm, fuzzy feeling, though, as that machine will have opportunity
to grab both the keys and the passphrase, just as it could grab
a password.

pls

pls



___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug