Date: Sat, 20 Mar 2010 18:31:03 +0200 From: Elias Chrysocheris <eliaschr@cha.forthnet.gr> To: freebsd-questions@freebsd.org Subject: Re: securing sshd Message-ID: <201003201831.03969.eliaschr@cha.forthnet.gr> In-Reply-To: <20100320121417.67724938@scorpio.seibercom.net> References: <201003201318.o2KDIcIt001241@fix.fantomatic.co.uk> <4BA4EA8C.3090702@locolomo.org> <20100320121417.67724938@scorpio.seibercom.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Saturday 20 of March 2010 18:14:17 Jerry wrote: > On Sat, 20 Mar 2010 16:32:28 +0100 > > Erik Norgaard <norgaard@locolomo.org> articulated: > > > * Disabled password logins completely, and to only allow public key > > > authentication > > > > This seems good for security, but not always practical. Now you have > > to walk around with a USB or have keys on your laptop and if you > > loose the USB or the laptop gets stolen you can't get access. Worse, > > you can't revoke the keys till you get back home. > > Worse yet, if you get shot and killed you won't be able to access your > data no matter how hard you try. > > Seriously, disabling password log-ins and using key authentication is > extremely secure. Do make sure that you password protect your keys > however. In any event, if you laptop or whatever is stolen, you have > more than just one problem to contend with anyway. > Another thing you could do is perhaps to secure your sshd using a program like sshguard. This is another measure you could take against brute force attack to your ssh. Elias
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201003201831.03969.eliaschr>