Best practices for securing SSH server

Daniel Underwood djuatdelta at
Wed Jun 24 14:43:22 UTC 2009

> Point remains: Adding port knocking does not solve any security problem, it only adds
> complexity, cost, points of failure, inconvenience etc while making your problem appear
> differently and leaving you with the illusion of being more secure.

I think that's grossly overstated, if not just plain wrong.  Ceteris
paribus, a system with port knocking is almost certainly more secure
than a system without port knocking. It's not a guarantee against
penetration.  But even if it's only a heightened "degreee" of security
not an additional "kind" of security measure (as you argue), it's
still heightened security.

More information about the freebsd-questions mailing list