Best practices for securing SSH server

Jon Radel jon at
Sat Jun 27 19:18:44 UTC 2009

Jos Chrispijn wrote:
> Daniel Underwood wrote:
>> laptop to connect to the server.  Due to the speed and location of the
>> connection, it's a relatively high-risk target.
> Can you tell me what you mean with that? I mean, imho a server must been 
> consider always a risk target.
> Perhaps I don't understand.

As I believe has already been answered in this thread, the better 
connected a server is to the Internet, the higher its value to several 
varieties of miscreants.  Given a choice between a server connected via 
a close to saturated T1 somewhere in the back waters of the Internet and 
a server with multiple 100mbps+ connections to key backbones, somebody 
interested in staging DOS attacks or using the server as a base to 
"explore" other networks or ... is likely to find the latter server of 
greater interest.  About the only advantage I can think of for the 
former is that it's probably, other things being equal, less likely to 
be properly maintained and monitored.


--Jon Radel
jon at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3283 bytes
Desc: S/MIME Cryptographic Signature
Url :

More information about the freebsd-questions mailing list