[Gllug] ssh brute force attacks

Luke Dudney listmail at lukedudney.com
Wed Dec 10 16:44:49 UTC 2008


On 10/12/08 16:33, Joel Bernstein wrote:
> 2008/12/10 Jose Luis Martinez <jjllmmss at googlemail.com>:
>   
>> 2008/12/10 Robert McKay <robert at mckay.com>:
>>     
>> Some places don't install ssh-agent for this reason.
>>     
>
> Some places probably also make their developers whistle down the
> phoneline because computers are inherently insecure. On the whole I
> prefer working at companies with a sensible attitude to keeping out of
> my way and letting me write some code.
>
> Obviously there are different metrics and requirements for different
> use cases and environments but I hesitate at the idea that you're going
> to withhold access to tools which make my life easier because a
> root-compromised machine could be used to steal passphrases. If the
> machine is compromised to that degree, you already lost the game.
>
> My $0.02 anyway.
>
> /joel
>   
I'll agree and make that $0.04 in the kitty -- absolute security isn't a 
goal that should be pursued in any real-world situation.

While some of the suggestions and solutions in this thread are 
interesting in a technical sense, they need to be understood and applied 
in the context of the threat and the value of what you're trying to protect.

Luke