Best practices for securing SSH server

Daniel Underwood djuatdelta at
Tue Jun 23 20:11:07 UTC 2009

> A port-knocking sequence is really nothing different than a shared password.

Technically and conceptually, that's true.  But "practically", I'm not
sure you're right.  If in addition to attempting to enumerate the
space of possible passwords, an attacker also enumerates the space of
possible port-knocking sequences, then, yes, you're right.  But I am
willing to bet that the vast majority of attackers DO NOT attempt
this.  For this reason, I think well-designed port-knocking DOES add
significant strength to the server.

If I'm misunderstanding port-knocking, please jump in and correct me...

More information about the freebsd-questions mailing list