OT: Capturing failed login attempts

Bill Campbell bill at celestial.com
Tue Sep 13 13:46:10 PDT 2005


On Tue, Sep 13, 2005, Fairlight wrote:
>Is it just me, or did Jay Ashworth say:
>> 
>> Though, note that it's widely considered to be poor system
>> administration practice to log usernames in the log on failures, because
>> people get out of sync, and you end up with passwords in the log file.
>
>That's considered poor -user- practise, and it's incumbent upon anyone
>doing so (I've done it by mistake myself--it happens) to immediately change
>their password when they get in.

Personally I rarely use passwords to login, much preferring to use secure
shell's agent and authorized_keys on the target machine.  This requires
only that I run ssh-agent and ssh-add to enter my pass phrase (long
sentences) once on my main desktop machine after logging in which then
gives me access to systems with my public key(s) in their authorized_keys
file.  Incidentally this has proven useful on more than one occasion where
somebody at a customer's site has accidentally changed the root password, and
can't access their own system (usually at an ISP where somebody meant to
use ``passwd username'' and forgot the username part).

It's generally a Good Idea(tm) to disable password authentication with the
openssh sshd_config file, only allowing key based access.

Bill
--
INTERNET:   bill at Celestial.COM  Bill Campbell; Celestial Software LLC
UUCP:               camco!bill  PO Box 820; 6641 E. Mercer Way
FAX:            (206) 232-9186  Mercer Island, WA 98040-0820; (206) 236-1676
URL: http://www.celestial.com/

My brother sent me a postcard the other day with this big satellite photo
of the entire earth on it. On the back it said: ``Wish you were here''.
		-- Steven Wright
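
Added example, not part of the original message: a small audit of sshd_config text that reports whether password-style logins are really disabled, as the message recommends. It assumes a single config file (Include directives are not followed), OpenSSH's compiled-in defaults, and a constructed sample config; the function name `audit` is hypothetical.

```python
import re

# OpenSSH defaults that apply when a keyword is absent from sshd_config.
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",  # can prompt for passwords via PAM
    "pubkeyauthentication": "yes",
}
# Deprecated alias still found in older configs.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

# Constructed sample, not taken from a real host.
SAMPLE = """\
PubkeyAuthentication yes
PasswordAuthentication no
PasswordAuthentication yes
Match Address 10.0.0.0/8
    PasswordAuthentication yes
"""

def audit(config_text):
    """Return a list of findings; an empty list means key-only access."""
    glob, overrides, match = {}, [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if key == "match":            # starts a conditional block
            match = value
        elif key in DEFAULTS and match is None:
            glob.setdefault(key, value.lower())  # first occurrence wins
        elif key in DEFAULTS:
            overrides.append((match, key, value.lower()))
    effective = {**DEFAULTS, **glob}
    findings = [f"global {k} is {effective[k]}"
                for k in ("passwordauthentication", "kbdinteractiveauthentication")
                if effective[k] != "no"]
    if effective["pubkeyauthentication"] != "yes":
        findings.append("pubkeyauthentication is disabled: key logins will fail")
    findings += [f"Match {crit}: {k} re-enabled ({v})"
                 for crit, k, v in overrides
                 if k != "pubkeyauthentication" and v != "no"]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "password logins disabled")
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check; the parser above is for reviewing a file offline.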


More information about the Filepro-list mailing list