Comments
Just use Termius; it will rsync all SSH keys with all devices.
Regards
I'll check. Thnx
Don't mean to hijack a topic, but out of curiosity: is hosts.deny / hosts.allow configured to allow connections from just one IP enough to keep them out, or are there any workarounds for it?
You are totally right. Yes, passwords are bad, but not that bad.
Let's say it's an 8-character password with lower- and uppercase plus numbers. That's 62 possible characters, which gives 62^8 possible combinations.
Just to keep the math easy we say one attempt per second.
62^8 combinations = 218 trillion attempts. With 1 attempt per second it would take about 7 million years to guarantee that the password is found. We can go extreme and say that it manages 1000 attempts per second. Still, it takes 7000 years.
And simple things like fail2ban and similar multiply that time by a lot. Such a simple thing as not permitting root login forces the attacker to have to guess the username as well as the password. Anyone with a basic understanding of math can figure out what that does to the total time taken (unless the user is an idiot and uses 'admin' or similar as username).
Don't get me wrong, I'm not advocating using just passwords, absolutely not, but if people could just use good, random passwords bruteforce attacks would be more or less useless. There are of course a lot of other reasons to not use just passwords, but bruteforce against services such as ssh is so easily prevented it shouldn't even be a problem.
And again, since I know I will probably take some heat for this: I'm not advocating using passwords! I just think people should understand what an extremely big difference it makes to just add a few numbers or symbols in their passwords.
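The arithmetic from the post above, extended with a fail2ban-style lockout, as an added example that is not part of the original thread. The `maxretry` and `bantime` values, the source-IP counts and all function names are assumptions chosen for illustration.

```python
from dataclasses import dataclass

SECONDS_PER_YEAR = 365 * 24 * 3600


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidate passwords, e.g. 62 symbols and 8 characters."""
    return alphabet_size ** length


def years_to_exhaust(candidates: int, attempts_per_second: float) -> float:
    """Worst case: time to try every candidate at a constant rate."""
    return candidates / attempts_per_second / SECONDS_PER_YEAR


@dataclass(frozen=True)
class BanPolicy:
    """fail2ban-style lockout; the values are assumed, not from the thread."""
    maxretry: int = 5   # failed logins allowed before a source IP is banned
    bantime: int = 600  # seconds the source IP stays banned

    def throttled_rate(self, raw_rate: float, source_ips: int = 1) -> float:
        # Each IP gets maxretry guesses at raw_rate, then waits out the ban.
        cycle_seconds = self.maxretry / raw_rate + self.bantime
        return source_ips * self.maxretry / cycle_seconds


def report(alphabet_size: int = 62, length: int = 8, raw_rate: float = 1000.0,
           usernames: int = 1, source_ips: int = 1,
           policy: BanPolicy = BanPolicy()) -> dict:
    """Compare exhaustive-search time with and without the lockout."""
    # An unknown username multiplies the search space by the candidate names.
    space = keyspace(alphabet_size, length) * usernames
    limited = policy.throttled_rate(raw_rate, source_ips)
    return {
        "candidates": space,
        "years_unthrottled": years_to_exhaust(space, raw_rate),
        "years_with_ban": years_to_exhaust(space, limited),
    }


if __name__ == "__main__":
    # Constructed scenarios: one source IP versus 1000 distributed source IPs.
    for ips in (1, 1000):
        r = report(source_ips=ips)
        print(f"{ips:>5} IPs: {r['years_unthrottled']:,.0f} years unthrottled, "
              f"{r['years_with_ban']:,.0f} years with lockout")
```

The second scenario shows that a per-IP lockout loses ground in proportion to the number of source addresses, so the lockout complements a large keyspace and does not replace it.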
totally agree on that one. if you install debian/ubuntu via netinst or as minimal, root access will be set to no-password as this is the openssh-server default - while you'll still get an unprivileged user to be able to login with a password and become root via su - afterwards.
it's only a convenience/automation thing nowadays that has providers still set up templates with root access via password enabled, so they can simply set something and send to the user 🤷♂️
noted
root via su
like one of my providers