Date: Mon, 13 Nov 2006 09:29:21 -0500 From: "Andy Greenwood" <greenwood.andy@gmail.com> To: "User Questions" <freebsd-questions@freebsd.org> Subject: Re: Blocking SSH Brute-Force Attacks: What Am I Doing Wrong? Message-ID: <3ee9ca710611130629s28f957c7x362c61dbfbe5cacf@mail.gmail.com> In-Reply-To: <20061113060356.E202.GERARD@seibercom.net> References: <20061113060528.GA7646@best.com> <455836A2.6010004@gmx.net> <20061113060356.E202.GERARD@seibercom.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On 11/13/06, Gerard Seibert <gerard@seibercom.net> wrote: > On Monday November 13, 2006 at 04:10:58 (AM) Frank Staals wrote: > > > > I had the same 'problem'. As said it's not realy a problem since FreeBSD > > will hold just fine if you don't have any rather stupid user + pass > > combinations. ( test test or something like that ) Allthough I thought > > it was annoying that my intire log was clouded with those brute force > > attacks so I just set sshd to listen at an other port then 22. Maybe > > that's a acceptable solusion for you ? You can change the ssd port in > > /etc/ssh/sshd_config > > Security through obscurity is a bad idea. Rather, use SSH key based > authentication exclusively. Turn off all of the password stuff in > sshd_config. Laugh at the poor fools trying to break in. I second this notion. I had bruteforceblocker running and recently switched to key based auth only. The good news is no one is breaking in. the bad news is that my server is remote and difficult to get physical access to and the only key I uploaded initially was my work PC. Tried to get in from home over the weekend and found that I had locked myself out! doh! Just make sure that you have at least one PC you can get to from anywhere which has a key to get into your server. > > > -- > Gerard > > Mail from '@gmail' is rejected and/or discarded here. Don't waste > your time! > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" > -- I'm nerdy in the extreme and whiter than sour cream
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3ee9ca710611130629s28f957c7x362c61dbfbe5cacf>