Re: [bitfolk] The perils of opening tcp/22 to the Internet

Author: Darren Davison
Date:  
To: Kai Hendry
CC: users
Subject: Re: [bitfolk] The perils of opening tcp/22 to the Internet

gpg: Signature made Sun Mar 14 10:34:54 2010 UTC using DSA key ID E855B3EA
On Sun, Mar 14, 2010 at 09:25:39AM +0000, Kai Hendry wrote:
> 'PasswordAuthentication no' and ssh keys is the right solution. If a
> customer can't figure out how to generate an ssh key with puttygen or
> ssh-keygen, I wouldn't take them.


Frankly, I agree with Kai. If you can't figure out SSH keys, you have
no business whatsoever running public SSH (or any other) services on the
Internet.

On my network at home, I have key-only, no root login, and use Fail2Ban
(with other services too, not just ssh). It's worked perfectly well for
me for years. Fail2Ban might be too resource hungry on a busy machine
though.

Just my $0.02

Darren.

-- 
Darren Davison
Public Key: 0xE855B3EA
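
The following is an added example, not part of the original message or of anyone's actual setup: a small audit of `sshd_config` text against the policy discussed in this thread (`PasswordAuthentication no`, no root login). The function name, the sample configurations and the address range are constructed for illustration, and the assumptions are listed in the leading comment.

```python
# Added example: audit sshd_config text for a key-only, no-root-login policy.
# Assumptions: Include files are not followed; unset keywords fall back to the
# defaults of current OpenSSH releases; values are compared exactly.
DEFAULTS = {"passwordauthentication": "yes", "permitrootlogin": "prohibit-password"}
WANTED = {"passwordauthentication": "no", "permitrootlogin": "no"}

def audit(text):
    """Return (scope, keyword, value) for every setting that breaks the policy."""
    global_values, match_findings, match = {}, [], None
    for raw in text.splitlines():
        fields = raw.replace("=", " ", 1).split()
        if not fields or fields[0].startswith("#"):
            continue                      # blank line or comment
        key = fields[0].lower()           # keywords are case-insensitive
        if key == "match":
            match = " ".join(fields[1:])  # block runs to the next Match or EOF
            continue
        if key not in WANTED:
            continue
        value = fields[1] if len(fields) > 1 else ""
        if match is None:
            global_values.setdefault(key, value)   # sshd keeps the first value
        elif value != WANTED[key]:
            match_findings.append(("Match " + match, key, value))
    findings = []
    for key, wanted in WANTED.items():
        value = global_values.get(key, DEFAULTS[key])
        if value != wanted:
            findings.append(("global", key, value))
    return findings + match_findings

# Constructed sample inputs, not taken from any real host.
SAMPLE_WITH_OVERRIDE = """\
PermitRootLogin no
PasswordAuthentication no
PasswordAuthentication yes
Match Address 192.0.2.0/24
    PasswordAuthentication yes
"""
WEAK = """\
#PasswordAuthentication no
PermitRootLogin yes
"""

if __name__ == "__main__":
    for name, cfg in (("SAMPLE_WITH_OVERRIDE", SAMPLE_WITH_OVERRIDE), ("WEAK", WEAK)):
        for scope, key, value in audit(cfg):
            print(f"{name}: [{scope}] {key} = {value}")
```

The first sample shows a `Match` block re-enabling passwords for one address range even though the global setting is `no`, and the second shows that a commented-out directive leaves the default in force. On a live host, `sshd -T` prints the effective configuration and is the authoritative check.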