Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1996_2

Bugtraq archives for 2nd quarter (Apr-Jun) 1996: Re: brute force

Re: brute force

Jeff Uphoff (juphofftarsier.cv.nrao.edu)
Wed, 5 Jun 1996 17:03:53 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: der Mouse: "Re: Not so much a bug as a warning of new brute force attack"
Previous message: mdrvodka.sse.att.com: "Selecting Good Passwords"
Maybe in reply to: *Hobbit*: "brute force"
Next in thread: Marc Mosko/jfrank/us: "Re: brute force"

"CK" == Christopher Klaus <cklausiss.net> writes:

CK> Telnetd,rexecd,rshd,rlogind should all be turned off and replaced with
CK> a tool like ssh.   But even ssh can be bruteforced, it is just a LOT more
CK> time consuming since it only allows 1 try per connection and there is
CK> quite a bit of time consumed generating the random keys for transferring.

And it's even harder if you run sshd in this mode (in /etc/sshd_config):

RhostsAuthentication no
RhostsRSAAuthentication no
RSAAuthentication yes
PasswordAuthentication no

No passwords (not even for a fallback)--only already-locally-known keys
can get you in.  Makes for pretty tough cracking, especially if you
protect those keys with nice long pass-phrases and never type them over
a network or into a non-secured xterm, etc....

--Up.

--
Jeff Uphoff - systems/network admin.  |  juphoffnrao.edu
National Radio Astronomy Observatory  |  juphoffbofh.org.uk
Charlottesville, VA, USA              |  jeff.uphofflinux.org
    PGP key available at: http://www.cv.nrao.edu/~juphoff/

Next message: der Mouse: "Re: Not so much a bug as a warning of new brute force attack"
Previous message: mdrvodka.sse.att.com: "Selecting Good Passwords"
Maybe in reply to: *Hobbit*: "brute force"
Next in thread: Marc Mosko/jfrank/us: "Re: brute force"