Michael Bevilacqua on 10 Jun 2009 16:06:46 -0700


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Pros and cons of key-pair based vs password based SSH...

On Wed, Jun 10, 2009 at 6:45 PM, Fred Stluka <fred@bristle.com> wrote:
For the ability to ssh from any client machine, without having
to carry my key-pair file on a USB drive or something, is it
reasonable to just change the server's config file to say:
   PasswordAuthentication yes

Or is there a more secure way to get this convenience?


Hey Fred,

You could also add the fail2ban package, which reads the SSH logs for authentication failures and bans the offending IP after a specified threshold is reached. This package depends on a package like Shorewall or the like to do the IP blocking.

There are also some best practice notes you might want to review:

http://www.howtoforge.com/ssh-best-practices

Hope this helps.
 

--
Michael D. Bevilacqua
michael@bevilacqua.us
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug