[Gllug] ssh brute force attacks
Luke Dudney
listmail at lukedudney.com
Wed Dec 10 16:44:49 UTC 2008
On 10/12/08 16:33, Joel Bernstein wrote:
> 2008/12/10 Jose Luis Martinez <jjllmmss at googlemail.com>:
>
>> 2008/12/10 Robert McKay <robert at mckay.com>:
>>
>> Some places don't install ssh-agent for this reason.
>>
>
> Some places probably also make their developers whistle down the
> phoneline because computers are inherently insecure. On the whole I
> prefer working at companies with a sensible attitude to keeping out of
> my way and letting me write some code.
>
> Obviously there are different metrics and requirements for different
> use cases and environments but I hesitate at the idea that you're going
> to withhold access to tools which make my life easier because a
> root-compromised machine could be used to steal passphrases. If the
> machine is compromised to that degree, you already lost the game.
>
> My $0.02 anyway.
>
> /joel
>

I'll agree and make that $0.04 in the kitty -- absolute security isn't a
goal that should be pursued in any real-world situation.

While some of the suggestions and solutions in this thread are
interesting in a technical sense, they need to be understood and applied
in the context of the threat and the value of what you're trying to protect.

Luke
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug