Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
pntshgl137y@SHA-16384 exactly, can you give me some cases/methods how this can be exploited without anyone knowing the credentials, so I could prove my point in front of the team
-
pntshgl137y@Haxk20 I guess not, but they lock the user account after three unsuccessful login attempts
-
pntshgl137y@Haxk20 yup, trying for that. But you know these corporates.. it will take approval from 5 different people, then one of them will say we can't do that it will impact business... Thanks for the info though
-
lotd77757yOh boy, it's one of the first things most scripts, bots, kids check..
At least I hope you exclusively use encrypted and password locked keys... -
I hope they at least do keys. Then, it doesn’t matter how many bots bounce off the login prompt, they aren’t getting jack.
As a stopgap you might wanna install Fail2Ban
Related Rants
-
abhijith050513When you SSH into a machine and then SSH back into yours, you know you are drunk.
-
nickj58today at programming class... professor: today we will be teaching you about vim and using the terminal and s...
-
linuxxx19*SSH's into VPS* *Starts doing some general maintainance (updating, checking the logs etc)* *runs the who comm...
How bad is it for a fortune 500 company to open port 22 over the internet for all its linux servers?? Today, I reported this to my boss and he said "it won't be a problem, no one can login without a password".
question
linux security
ssh