Best practices for securing SSH server

Chris Rees utisoft at
Sun Jun 28 17:18:10 UTC 2009

2009/6/28 Polytropon <freebsd at>:
> On Sat, 27 Jun 2009 21:17:11 -0400, Daniel Underwood <djuatdelta at> wrote:
>> Exactly.  For example, the "server" in question is a desktop machine
>> at work.  I regularly see transfer rates of 13MB/s.  It's at a major
>> university, which is by itself another high-risk factor, precisely
>> because there are so many (often weakly protected) high-speed
>> connections.
> That's a valid point, and I'd like to add that there is some
> consideration: Servers are usually protected with proper means.
> This goes especially for UNIX servers. Desktops, on the other
> hand, can more easily be taken over (especially non-UNIX machines),
> so if an attacker got his foot inside a network, it's very
> useful to him. There are even trading platforms where criminals
> buy and sell whole networks of compromised PCs. Of course,
> everything happening inside such networks should be seen as
> what it is: a threat to security. Just imagine some "clever
> guy" uses telnet inside such a network to configure the
> server...

You mean like the default alternative to SSH for "Windows" boxes?

Gotta love their arrogance....


A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in a mailing list?

More information about the freebsd-questions mailing list