Breakin attempts

[David Liguori]

Wolfgang S. Rupprecht wrote:
>
> The core problem is to prevent someone from guessing users' passwords.
> You aren't going to achieve real security by hiding this or that
> attribute.  If you don't want to worry about your users chosing bad
> non-random passwords, don't let them.  Force them to use a 1k-2k RSA key
> for ssh and turn off all login types in sshd_config other than RSA2.
> That way any attacker has to correctly guess a 1k-bit computer generated
> number.  That will almost certainly be much more secure than any
> password users will chose.  Then you can look at the ssh log files and
> laugh.  The universe isn't going to last long enough for them to guess
> even a small fraction of the keys.
>   
Unless someone builds a quantum computer that can implement the Shor 
algorithm for nontrivial cases :-)