14 Mar
2010
14 Mar
'10
10:34 a.m.
On Sun, Mar 14, 2010 at 09:25:39AM +0000, Kai Hendry wrote:
'PasswordAuthentication no' and ssh keys is
the right solution. If a
customer can't figure out how to generate an ssh key with puttgen or
ssh-keygen, I wouldn't take them.
Frankly, I agree with Kai. If you can't figure out SSH keys, you have
no business whatsoever running public SSH (or any other) services on the
Internet.
On my network at home, I have key-only, no root login, and use Fail2Ban
(with other services too, not just ssh). It's worked perfectly well for
me for years. Fail2Ban might be too resource hungry on a busy machine
though.
Just my $0.02
Darren.
--
Darren Davison
Public Key: 0xE855B3EA