From: Jonathan Horne
To: freebsd-questions@freebsd.org
Date: Tue, 24 Oct 2006 22:11:58 -0500
Subject: Re: a simple questions about sshd and PasswordAuthentication
Message-Id: <200610242211.58210.freebsd@dfwlp.com>

On Tuesday 24 October 2006 21:49, Juha Saarinen wrote:
> On 10/25/06, Jeff MacDonald wrote:
> > Is there anything inherently dangerous or wrong about enabling
> > PasswordAuthentication in sshd_config ?
> >
> > I understand how public keys are better and everything else. And I do
> > use them. I'm just curious.
>
> Probably not, if you have strong passwords and sensible management
> policies. That said, PasswordAuthentication attracts the brute-force
> crackers like flies to rotting meat, so...

Agreed. 3 weeks ago, I just firewalled off the port (actually, removed the NAT), and now require VPN to gain access to my home network. I was repeatedly having pages and pages long nightly security emails of failed ssh attempts. Not any more. If the port ain't there... they can't bruteforce it!

cheers,
jonathan
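
Added example, not part of the original thread: one way to condense the pages of failed ssh attempts described above into a per-source count, and to flag the case that matters most with PasswordAuthentication enabled, a password login accepted from a source that had failed earlier. The log lines are constructed samples in OpenSSH's syslog format; `summarize` and its `threshold` parameter are hypothetical names.

```python
import re
from collections import Counter

# Constructed sample in OpenSSH's syslog format (documentation address ranges).
SAMPLE_LOG = """\
Oct 24 02:11:01 host sshd[4101]: Failed password for invalid user admin from 203.0.113.5 port 40112 ssh2
Oct 24 02:11:03 host sshd[4103]: Failed password for invalid user test from 203.0.113.5 port 40120 ssh2
Oct 24 02:11:05 host sshd[4105]: Failed password for root from 203.0.113.5 port 40131 ssh2
Oct 24 02:11:07 host sshd[4107]: Failed password for root from 203.0.113.5 port 40140 ssh2
Oct 24 03:40:12 host sshd[4300]: Failed password for jeff from 198.51.100.7 port 51000 ssh2
Oct 24 03:40:20 host sshd[4302]: Accepted password for jeff from 198.51.100.7 port 51004 ssh2
Oct 24 08:00:00 host sshd[4500]: Accepted publickey for jeff from 192.0.2.10 port 52000 ssh2
"""

# The user name in a failed attempt is chosen by the client. Greedy (.*) plus
# the end anchor binds the source to the LAST " from <addr> port <n>" on the
# line, so a crafted user name cannot spoof the address that gets counted.
# Older OpenSSH releases logged "illegal user" instead of "invalid user".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?:invalid|illegal) user )?"
    r"(.*) from (\S+) port \d+(?: ssh\d)?\s*$"
)
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port \d+")


def summarize(log_text, threshold=3):
    """Return noisy sources and password logins that followed failures."""
    failures = Counter()
    accepted_after_failure = []
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            failures[m.group(2)] += 1
            continue
        m = ACCEPTED.search(line)
        # Only password logins are of interest; key logins are not guessable.
        if m and m.group(1) == "password" and failures[m.group(3)] > 0:
            accepted_after_failure.append((m.group(3), m.group(2)))
    noisy = {src: n for src, n in failures.items() if n >= threshold}
    return {"noisy": noisy, "accepted_after_failure": accepted_after_failure}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for src, n in sorted(report["noisy"].items()):
        print(f"{src}: {n} failed password attempts")
    for src, user in report["accepted_after_failure"]:
        print(f"REVIEW: password accepted for {user} from {src} after failures")
```
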