From owner-freebsd-stable@FreeBSD.ORG  Fri Dec 22 15:38:14 2006
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
X-Original-To: freebsd-stable@freebsd.org
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 119FF16A412
	for <freebsd-stable@freebsd.org>; Fri, 22 Dec 2006 15:38:14 +0000 (UTC)
	(envelope-from vivek@khera.org)
Received: from yertle.kcilink.com (yertle.kcilink.com [74.92.149.58])
	by mx1.freebsd.org (Postfix) with ESMTP id BFD9B13C442
	for <freebsd-stable@freebsd.org>; Fri, 22 Dec 2006 15:38:13 +0000 (UTC)
	(envelope-from vivek@khera.org)
Received: from [192.168.7.103] (host-103.int.kcilink.com [192.168.7.103])
	by yertle.kcilink.com (Postfix) with ESMTP id 157EFB80F
	for <freebsd-stable@freebsd.org>; Fri, 22 Dec 2006 10:38:13 -0500 (EST)
Mime-Version: 1.0 (Apple Message framework v752.2)
In-Reply-To: <458AF5BA.5020908@optusnet.com.au>
References: <200612211533.kBLFXLaW090581@lurza.secnetix.de>
	<458AE462.1020100@vindaloo.com> <458AF5BA.5020908@optusnet.com.au>
Content-Type: multipart/signed; micalg=sha1; boundary=Apple-Mail-1--483868922;
	protocol="application/pkcs7-signature"
Message-Id: <F01AFF5C-63D0-4F2A-B590-8F05DA77FF5E@khera.org>
From: Vivek Khera <vivek@khera.org>
Date: Fri, 22 Dec 2006 10:38:11 -0500
To: FreeBSD Stable <freebsd-stable@freebsd.org>
X-Mailer: Apple Mail (2.752.2)
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Subject: Re: Block IP
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Dec 2006 15:38:14 -0000


--Apple-Mail-1--483868922
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
	charset=US-ASCII;
	delsp=yes;
	format=flowed


On Dec 21, 2006, at 3:59 PM, Graham Menhennitt wrote:

> Christopher Hilton wrote:
>> If it's at all possible switch to using public keys for  
>> authentication
>> with ssh and disallow password authentication. This completely stops
>> the brute forcing attacks from filling up your periodic security  
>> mail.
> Are you sure about that? I only allow PublickeyAuthentication ssh2
> connections but I get lots of security mail messages like:
>

Be sure to disallow PAM auth also.  I missed that one the first time  
I tried to disable interactive keyboard auth login.


--Apple-Mail-1--483868922--