From: Elias Chrysocheris
To: freebsd-questions@freebsd.org
Date: Sat, 20 Mar 2010 18:31:03 +0200
Subject: Re: securing sshd

On Saturday 20 of March 2010 18:14:17 Jerry wrote:
> On Sat, 20 Mar 2010 16:32:28 +0100
>
> Erik Norgaard articulated:
> > > * Disabled password logins completely, and to only allow public key
> > > authentication
> >
> > This seems good for security, but not always practical. Now you have
> > to walk around with a USB or have keys on your laptop and if you
> > lose the USB or the laptop gets stolen you can't get access. Worse,
> > you can't revoke the keys till you get back home.
>
> Worse yet, if you get shot and killed you won't be able to access your
> data no matter how hard you try.
>
> Seriously, disabling password log-ins and using key authentication is
> extremely secure. Do make sure that you password protect your keys
> however. In any event, if your laptop or whatever is stolen, you have
> more than just one problem to contend with anyway.
>

Another thing you could do is perhaps to secure your sshd using a program like
sshguard. This is another measure you could take against brute force attacks on
your ssh.

Elias
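
The thread recommends disabling password logins in favour of public key authentication; the script below is an added example, not part of the original message, that checks whether an sshd's effective settings really leave no password path open. It assumes an OpenSSH build that supports `sshd -T`; the function names and the sample settings are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): check effective sshd settings for
# any remaining password-based login path. Input is `sshd -T` style text.
audit_sshd_auth() {
    awk '
        { seen[tolower($1)] = tolower($2) }
        END {
            bad = 0
            if (seen["passwordauthentication"] != "no") {
                print "FAIL: passwordauthentication is not \"no\""; bad = 1
            }
            # Keyboard-interactive (e.g. PAM) can still prompt for a password.
            # Older releases may report it as challengeresponseauthentication.
            found = 0
            n = split("kbdinteractiveauthentication challengeresponseauthentication", k, " ")
            for (i = 1; i <= n; i++) {
                if (!(k[i] in seen)) continue
                found = 1
                if (seen[k[i]] != "no") {
                    print "FAIL: " k[i] " is not \"no\""; bad = 1
                }
            }
            if (!found) { print "FAIL: keyboard-interactive setting not reported"; bad = 1 }
            if (seen["pubkeyauthentication"] != "yes") {
                print "FAIL: pubkeyauthentication is not \"yes\""; bad = 1
            }
            if (!bad) print "OK: password logins disabled, public key enabled"
            exit bad
        }'
}

# Constructed sample: passwords "off", keyboard-interactive left on.
sample_weak() {
    printf '%s\n' 'passwordauthentication no' \
        'challengeresponseauthentication yes' 'pubkeyauthentication yes'
}

# Constructed sample: both password paths off, public key on.
sample_hardened() {
    printf '%s\n' 'passwordauthentication no' \
        'kbdinteractiveauthentication no' 'pubkeyauthentication yes'
}

sample_weak | audit_sshd_auth || echo "weak sample rejected"
sample_hardened | audit_sshd_auth
# On a live host, as root: sshd -T | audit_sshd_auth
```

The check fails closed: a setting that is missing from the input counts as a failure rather than as disabled.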