Reply to post: Re: It does

Linode: Back at last after ten days of hell

PeteA

Re: It does

Do you permit password-based logins (including challenge-response)? I'd personally advise very strongly against enabling anything other than PK-based authentication on boxen which are accessible via the interwebs; for extra paranoia, you might want to consider limiting yourself to ED25519 cryptography as the others are either getting a bit long-in-the-tooth (DSA, RSA) or may potentially have been compromised by the NSA (ECDSA - see https://blog.cloudflare.com/how-the-nsa-may-have-put-a-backdoor-in-rsas-cryptography-a-technical-primer/ for a readable description). I've not seen any examples of SSH compromise when password-based authentication is disabled, so would be very interested if yours did.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019