Date: Tue, 23 Jun 2009 10:18:39 +0400
From: Jeff Laine <wtf.jlaine@gmail.com>
To: Daniel Underwood <djuatdelta@gmail.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: Best practices for securing SSH server
Message-ID: <20090623061839.GA88030@free.bsd.loc>
In-Reply-To: <b6c05a470906221816l4001b92cu82270632440ee8a@mail.gmail.com>
References: <b6c05a470906221816l4001b92cu82270632440ee8a@mail.gmail.com>

On Mon,06/22/09 [21:16:35], Daniel Underwood wrote:
> On a BSD box at work (at an extremely fast connection and static IP),
> I run an SSH server. I am the only person who uses the server, but I
> use it from some locations that are behind a dynamic IP (so I can't
> set pf rules to filter by IP). I will always, however, use the same
> laptop to connect to the server. Due to the speed and location of the
> connection, it's a relatively high-risk target.
>
> What are some good practices for securing this SSH server? Is using a
> stored key safer than a password in this instance? I have no
> experience with port-knocking, but I'd appreciate some tips or
> suggested beginning references... I welcome any and all advice.
>
> Note: I do require X11 forwarding (not sure whether that's relevant information)
>
> TIA,
> Daniel

To block brute-force probes on ssh I use pf with its great function
'max-src-conn-rate'. man pf.conf provides some useful hints.

--
Best regards,
Jeff

| "Nobody wants to say how this works.  |
|  Maybe nobody knows ..."              |
|                       Xorg.conf(5)    |