[lug] Attacks Intensifying
Jani Averbach
jaa at jaa.iki.fi
Thu Oct 28 14:36:08 MDT 2004
On 2004-10-28 13:06-0600, Lee Woodworth wrote:
> Unless you have the requirement that users can SSH from anywhere,
> blocking attackers is opposite of recommended security policy:
> specifically allow known sources, deny all others.
>
> My file exchange server requires users to have keys, no passwords
> allowed. It looks to me that the time I spent setting up user keys and
> allowing their addresses is less than the time you are going to spend on
> blocking attackers.
>
Well, I need an access from everywhere and morever, time to time, I
have to use one time passwords.
So do you know if it is possible to make a system where entry level
check is done with public keys, and after that actual access is granted by
OTPW?
Br, Jani
--
Jani Averbach
More information about the LUG
mailing list