Passing password in ssh
Aldo Foot
lunixer at gmail.com
Thu Jan 24 01:35:59 UTC 2008
On Jan 23, 2008 5:07 PM, John Summerfield <debian at herakles.homelinux.org>
wrote:
> Aldo Foot wrote:
>
... snip...
>
> > Perhaps a good practice is to configure accounts such as those for
> > cron jobs to use only specific commands.
> > Does anyone reading this thread uses such setup?
> > I'll play with this a bit.
>
> cron jobs are created either by your vendor (Fedora in this case), or by
> users with access to accounts on the system.
>
> If you use decent passwords, exercise due care with invited content
> (email, www etc & especially software[1] you install/allow to be
> installed), secure your servers[2] I don't think you have a lot to do
> with.
>
> If you're trying to protect high-value assets, best to hire an expert
> with the skills needed, it's pretty clear you don't have them.
>
>
> [1] I'm very picky. Most stuff from the FOSS world I trust, it will
> quickly get a bad name if it contains malware. I mostly avoid Acrobat &
> flash (the latter's main use seems to be adware, and there are serious
> security concerns), and absolutely shun toys such google desktop etc.
>
> [2] I run ssh, and I allow five connexions/hour globally (not per source
> IP) from parts of the world I don't expect connexions from, it covers me
> for the case I've been too strict. I don't think anyone's going to
> succeed with even a weak password without a fair bit of lock. I don't
> think my password's weak.
>
>
> --
>
> Cheers
> John
>
I have a couple of questions:
1. If you use the connection/hour limit scheme does it mean you don't
use tcpwrappers and you only rely on user/password for authorization?
2. Is this what you use to configure five ssh connections per hour?
#tcplimit 22 5 hour on
~af
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/users/attachments/20080123/ddfef1b8/attachment-0001.html
More information about the users
mailing list