Date: Sun, 12 Feb 2006 11:57:33 +0000 From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: lars@gmx.at Cc: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org> Subject: Re: incorrect logins Message-ID: <43EF22AD.4070007@infracaninophile.co.uk> In-Reply-To: <43EF10CD.6090003@gmx.at> References: <1059667590.20060212073915@mail333.com> <1139736497.17153.14.camel@lmail.bathnetworks.co.uk> <43EF10CD.6090003@gmx.at>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigFDF243C0F93E9FECB54ABBD8
Content-Type: text/plain; charset=ISO-8859-15
Content-Transfer-Encoding: quoted-printable
lars wrote:
> Either you
> 1 configure SSH to only allow logins from certain hostnames or
> IP addresses or for certain users, and/or
>=20
> 2 install a program to watch your logfiles and modify
> your firewall rules dynamically according to specified
> triggers,
> like /usr/ports/security/denyhosts, and/or
>=20
> 3 choose strong passwords or -phrases and not care
You forgot:
4 Use SSH key based auth exclusively. Turn off all of the password
stuff in sshd_config. Laugh at the poor fools trying to break in.
Cheers,
Matthew
--=20
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
Kent, CT11 9PW
--------------enigFDF243C0F93E9FECB54ABBD8
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFD7yKz8Mjk52CukIwRA7JbAJ9jFvfcm9wd8G4uWENtMrlkDQVuKQCdHziW
2xV5eRcj7W6tSHt/7c9aAak=
=g3Ca
-----END PGP SIGNATURE-----
--------------enigFDF243C0F93E9FECB54ABBD8--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?43EF22AD.4070007>