
You have 10 bits of entropy at best, unless you put it above 1024, at which point if it dies, any non-privileged user on the box can sniff passwords.



Why are you using passwords for SSH?

Do you actually have untrusted users on the box?

Why would you not secure the custom port to root-only?


If you are serious, you should limit SSH access to a bastion host with no unprivileged users.
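An added example, not part of any comment in this thread: a small audit of an OpenSSH `sshd_config` for the combination discussed above (a listening port outside the privileged range together with password authentication). The sample configuration is constructed; the function names are hypothetical, and the check assumes the default Linux privileged-port boundary of 1024 and OpenSSH's defaults of `Port 22` and `PasswordAuthentication yes`.

```python
import re

# Constructed sample sshd_config for illustration (not taken from the thread).
SAMPLE_CONFIG = """\
# sshd moved off port 22
Port 2222
PasswordAuthentication yes
PermitRootLogin no
Match User backup
    PasswordAuthentication no
"""

PRIVILEGED_LIMIT = 1024  # assumption: ports below this need root to bind


def parse_global(text):
    """Return (ports, options) from the global section of an sshd_config."""
    ports, opts = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            break  # a Match block runs to the next Match or EOF
        if key == "port":
            ports.append(int(value))  # every Port directive applies
        else:
            opts.setdefault(key, value.lower())  # first value wins
    return ports or [22], opts


def audit(text):
    """Return finding codes for the risks raised in the thread."""
    ports, opts = parse_global(text)
    high = any(p >= PRIVILEGED_LIMIT for p in ports)
    passwords = opts.get("passwordauthentication", "yes") == "yes"
    findings = []
    if high:
        findings.append("unprivileged-port")  # any local user may bind it if sshd stops
    if passwords:
        findings.append("password-auth")  # a credential a stand-in listener could collect
    if high and passwords:
        findings.append("sniffable-passwords")  # the scenario in the first comment
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```
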



