Date: Mon, 19 Sep 2011 17:11:28 -0700 From: merlyn@stonehenge.com (Randal L. Schwartz) To: =?utf-8?B?0JPRgNC40LPQvtGA0YzQtdCyINCQ0LvQtdC60YHQsNC90LTRgA==?= <mr.festin@yandex.ru> Cc: James Strother <jstrother9109@gmail.com>, freebsd-questions@freebsd.org Subject: Re: limit number of ssh connections Message-ID: <86k494t6mn.fsf@red.stonehenge.com> In-Reply-To: <946851316461449@web97.yandex.ru> (=?utf-8?B?ItCT0YDQuNCz0L4=?= =?utf-8?B?0YDRjNC10LIg0JDQu9C10LrRgdCw0L3QtNGAIidz?= message of "Mon, 19 Sep 2011 23:44:09 %2B0400") References: <CAAOvGP2Gj0=ZAYZn2KZYUa3NTCHVtUdtQqHumM1D5Ea26dzPrQ@mail.gmail.com> <946851316461449@web97.yandex.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
>>>>> "=D0=93=D1=80=D0=B8=D0=B3=D0=BE=D1=80=D1=8C=D0=B5=D0=B2" =3D=3D =D0= =93=D1=80=D0=B8=D0=B3=D0=BE=D1=80=D1=8C=D0=B5=D0=B2 =D0=90=D0=BB=D0=B5=D0= =BA=D1=81=D0=B0=D0=BD=D0=B4=D1=80 <mr.festin@yandex.ru> writes: =D0=93=D1=80=D0=B8=D0=B3=D0=BE=D1=80=D1=8C=D0=B5=D0=B2> If your target is p= rotect freebsd box from bruting passwords =D0=93=D1=80=D0=B8=D0=B3=D0=BE=D1=80=D1=8C=D0=B5=D0=B2> from inet maybe sec= urity/knockd will help you? Portknocking adds only a dozen bits or so to your password. Do you really think it helps to go from a 1024-bit key to a 1036-bit? In other words, Portknocking belongs in the "security for dummies" pile right along with "turning off your SSID announce" and "use MAC address filtering" when people talk about wifi "security". All three are useless and give you a false sense of having "increased" security. The real security is disable plaintext passwords. Then no amount of bruteforce will ever get in. --=20 Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095 <merlyn@stonehenge.com> <URL:http://www.stonehenge.com/merlyn/>; Smalltalk/Perl/Unix consulting, Technical writing, Comedy, etc. etc. See http://methodsandmessages.posterous.com/ for Smalltalk discussion
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86k494t6mn.fsf>