Ridding myself of root passwords?
torriem at gmail.com
Mon Feb 3 13:16:42 MST 2014
On 02/03/2014 12:26 PM, S. Dale Morrey wrote:
> Interesting, I'm going to have to try that. I move SSH to a random port
> off in the boonies, that alone eliminated bruteforce attempts on my end.
> Still passwords are so 1970s. Certs are where all the cool kids are
> stashing their goodies now days :)
Recent versions of openssh allow to configure options on a per-host or
per-subnet basis. For example, here's an extract from my sshd_config:
Match Address 192.168.*,127.*
That bans password logins except from private IP addresses (VPN in my case).
More information about the PLUG