[lug] keeping up with attacks

Stephen Kraus ub3ratl4sf00 at gmail.com
Sat May 4 20:11:45 MDT 2019


Still no reason to expose it openly to the internet, at least not all the
time.

On Sat, May 4, 2019, 9:32 PM Zan Lynx <zlynx at acm.org> wrote:

> On 5/4/2019 10:59 AM, Stephen Kraus wrote:
> > SSH: No fail2ban? Just keep guessing till you win. No cert guessing or
> > sniffing needed. Public key eliminates some of that, but it's still not
> > good practice to expose SSH.
>
> Literally none of the Linux administrators I know personally run SSH
> with password auth enabled. As you say, that would be a bad idea.
>
> With public / private keypairs or certificates you could keep guessing
> for eternity and never get in.
>
> --
>                  Knowledge is Power -- Power Corrupts
>                          Study Hard -- Be Evil