Skip to main content
  1. Dispatches/

Strong passwords no panacea as SSH brute-force attacks rise

·174 words·1 min
Articles Apple Linux Security Ssh Sshd
Daniel Andrlik
Author
Daniel Andrlik lives in the suburbs of Philadelphia. By day he manages product teams. The rest of the time he is a podcast host and producer, writer of speculative fiction, a rabid reader, and a programmer.

Okay, if you still have your box configured to allow remote logins as "root", then you deserve anything you get. Otherwise, start using strong passphrases (not a password, those are too easy), or if you can swing it with your work flow, use an ssh key rather than a text-based login. It’s less convenient in some ways, but it’s worth your time. Honestly, I’m a little behind here as I’ve intended to switch more of my systems over to private keys for a while now, but on half I still login with a username and a strong passphrase.

Also, while we are at it, just a reminder that security through obscurity doesn’t work in the long run. You can reduce the effectiveness of automated attacks by running ssh on a different port, but don’t think that’s going to be an effective long-range solution. If someone wants in, they will find the ssh port, so it’s up to you to get the rest of your security together.

This all goes for you Apple folks too.

Related

Lest We Remember: Cold Boot Attacks on Encryption Keys
·41 words·1 min
Articles Encryption Security
Via Boing Boing: This is definitely not good. Don’t leave your encrypted laptop in on/suspended in public kids! Also, if you aren’t at least encrypting your /home directory (or wherever you keep your personal files), congrats on earning the EPIC FAIL.
New year, new nerdery
·1217 words·6 mins
Articles Aws Assorted Geekery Personal Vps Linux Gentoo Funtoo
It’s the January of 2018, and the sickness is upon me again. Sometimes you can feel it coming, like that first head fog that warns of a coming cold, or the klaxon of a stomach churn that alerts you to an impending flu.
18 Essential Apps for Getting Shit Done
·2366 words·12 mins
Articles Assorted Geekery Tech Productivity Writing Security
OMG, a workflow post! Apps, tools, productivity, oh my! Listen, we all know that no app can make you more productive by itself. Your methods are always more important than your tools.