[Gllug] Router under attack: help/advice needed

Nix nix at esperi.org.uk
Tue Oct 20 22:20:44 UTC 2009


On 20 Oct 2009, Tethys told this:

> --------
>
> gvim writes:
>
>>- Limit logins to public key if possible
>
> Please stop spreading that nonsense. It doesn't increase security.

Er, yes it does.

> As I've said before on here, it merely trades off different risks
> against each other, reducing the likelihood of one attack and
> increasing another. Overall, it is probably less secure than
> password based logins.

Really? If the keys on your serve are all passphrased, you're not
trading off password guesses for cracked hosts: you're trading
off password guesses for cracked-hosts-and-passphrase-guesses,
which is a *somewhat* higher bar.

(Of course, if you have passphraseless keys allowed in, you are indeed
just trading off one risk for another: don't do that then.)
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug




More information about the GLLUG mailing list