Date: Mon, 13 Nov 2006 16:11:18 +0100 From: Frank Staals <frankstaals@gmx.net> To: User Questions <freebsd-questions@freebsd.org> Cc: "Leo L. Schwab" <ewhac@best.com> Subject: Re: Blocking SSH Brute-Force Attacks: What Am I Doing Wrong? Message-ID: <45588B16.4070502@gmx.net> In-Reply-To: <20061113060356.E202.GERARD@seibercom.net> References: <20061113060528.GA7646@best.com> <455836A2.6010004@gmx.net> <20061113060356.E202.GERARD@seibercom.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Gerard Seibert wrote: > On Monday November 13, 2006 at 04:10:58 (AM) Frank Staals wrote: > > > >> I had the same 'problem'. As said it's not realy a problem since FreeBSD >> will hold just fine if you don't have any rather stupid user + pass >> combinations. ( test test or something like that ) Allthough I thought >> it was annoying that my intire log was clouded with those brute force >> attacks so I just set sshd to listen at an other port then 22. Maybe >> that's a acceptable solusion for you ? You can change the ssd port in >> /etc/ssh/sshd_config >> > > Security through obscurity is a bad idea. Rather, use SSH key based > authentication exclusively. Turn off all of the password stuff in > sshd_config. Laugh at the poor fools trying to break in. > > > The point is it isn't security through obscurity: as allready pointed out, FreeBSD & sshd can withstand those brute force attacks without much of a problem so there is no security problem, the only thing is those brute force attacks are anoying since they cloud authd.log If those attacks WERE a problem, or if there was a system which you could log in without user & pass if you would find out the correct port then, but only then, it is a bad idea .... -- -Frank Staals
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?45588B16.4070502>