securing sshd
Elias Chrysocheris
eliaschr at cha.forthnet.gr
Sat Mar 20 16:31:08 UTC 2010
On Saturday 20 of March 2010 18:14:17 Jerry wrote:
> On Sat, 20 Mar 2010 16:32:28 +0100
>
> Erik Norgaard <norgaard at locolomo.org> articulated:
> > > * Disabled password logins completely, and to only allow public key
> > > authentication
> >
> > This seems good for security, but not always practical. Now you have
> > to walk around with a USB or have keys on your laptop and if you
> > loose the USB or the laptop gets stolen you can't get access. Worse,
> > you can't revoke the keys till you get back home.
>
> Worse yet, if you get shot and killed you won't be able to access your
> data no matter how hard you try.
>
> Seriously, disabling password log-ins and using key authentication is
> extremely secure. Do make sure that you password protect your keys
> however. In any event, if you laptop or whatever is stolen, you have
> more than just one problem to contend with anyway.
>
Another thing you could do is perhaps to secure your sshd using a program like
sshguard. This is another measure you could take against brute force attack to
your ssh.
Elias
More information about the freebsd-questions
mailing list