SSHd

Lamont R. Peterson lamont at gurulabs.com
Tue Aug 22 18:03:29 UTC 2006


On Sunday 20 August 2006 05:26am, Rahul wrote:
> Arthur Pemberton wrote:
> > I second that, however I would suggest going further and having
> > something denyhosts like in place or are we going with the assumption
> > that anyone owning a FC installation will be setting a good password,
> > or a weak password with the knowledge that SSHd is running?
>
> passwd program has checks in place to ensure that poor passwords are
> rejected and yes if you have the root password on the system there is a
> question of common sense too.

Yeah, well, the standard checks that passwd does aren't all that great.  
They'll only cover the weakest of weak passwords and not in all possible ways 
either.  It's rather trivial to modify a weak password so that it gets by 
this.  Mind you, I'm talking about Fedora's default configuration, here; 
cracklib can be configured to make things better.

Perhaps we should consider *a small amount* of tightening of this default 
configuration.
-- 
Lamont R. Peterson <lamont at gurulabs.com>
Senior Instructor
Guru Labs, L.C. [ http://www.GuruLabs.com/ ]

NOTE:  All messages from this email address should be digitally signed with my
       0xDC0DD409 GPG key. It is available on the pgp.mit.edu keyserver as
       well as other keyservers that sync with MIT's.