Best practices for securing SSH server

Wojciech Puchar wojtek at
Tue Jun 23 08:59:06 UTC 2009

>> 99% of crack attempts are done by "kevin mitnick" methods, not password
>> cracking.
> You're right about the probability of password breaking, but
> personally I installed denyhosts just because I got sick of this:

indeed, it's very useful but it's not a requirement at all to be secure :)

The only requirements for security are:

1) use proper passwords, or keyfiles but with keyfiles stored on properly 
protected machine (geli, proper password for geli too)

2) it's not really wrong to use same (but well done - random) passwords in 
many places YOU administer, but never use the same password on any 
foreign places.

3) Store that password ONLY in brain.

As herds of morons don't really understand what are passwords for, all 
points are usually not respected, point 3 being the most common :)

You want to crack into company server - just look at monitors and notes 
glued to it. If you can't - ask a charwoman working there ;)

More information about the freebsd-questions mailing list