[TriLUG] Failed logins
Jeremy Portzer
jeremyp at pobox.com
Sat Sep 3 10:17:18 EDT 2005
On Fri, 2 Sep 2005, Lisa Boyd wrote:
> It seems like this might be a good solution. I've also seen other
> usernames fail through this sshd -- kinda makes me chuckle when I see
> what they try :)
Believe it or not, I actually had a server account compromised once by a
script like this. There was a user with a common first name and her
password had been set to the same as the username. Oops.
It was easy enough to clean up (it only got to this account), and there
were no resources on this server per se (it was basically a Linux
demonstration server), so it wasn't that big a deal. But it certainly was
a good reminder of why the 'cracklib' functions of password-setting tools
are critical to enforce strong passwords.
Jeremy
--
/---------------------------------------------------------------------\
| Jeremy Portzer jeremyp at pobox.com trilug.org/~jeremy |
| GPG Fingerprint: 712D 77C7 AB2D 2130 989F E135 6F9F F7BC CC1A 7B92 |
\---------------------------------------------------------------------/
More information about the TriLUG
mailing list