Best practices for securing SSH server
Wojciech Puchar
wojtek at wojtek.tensor.gdynia.pl
Tue Jun 23 08:59:06 UTC 2009
>>
>> 99% of crack attempts are done by "kevin mitnick" methods, not password
>> cracking.
>
> You're right about the probability of password breaking, but
> personally I installed denyhosts just because I got sick of this:
indeed, it's very useful but it's not a requirement at all to be secure :)
The only requirements for security are:
1) use proper passwords, or keyfiles but with keyfiles stored on properly
protected machine (geli, proper password for geli too)
2) it's not really wrong to use same (but well done - random) passwords in
many places YOU administer, but never use the same password on any
foreign places.
3) Store that password ONLY in brain.
As herds of morons don't really understand what are passwords for, all
points are usually not respected, point 3 being the most common :)
You want to crack into company server - just look at monitors and notes
glued to it. If you can't - ask a charwoman working there ;)
More information about the freebsd-questions
mailing list