Thousands of ssh probes

Randal L. Schwartz merlyn at
Fri Mar 5 15:45:33 UTC 2010

>>>>> "Anton" == Anton  <anton at> writes:

Anton>    But, to allow access for yourself - you could install wonderful
Anton>    utility = 'knock-knock'.

Port knocking is false security.

It's equivalent to adding precisely two bytes (per knock, which can't
be too close or far apart or numerous) to the key length.

Are you really thinking that increasing your key length from 2048 to 2050

The right solution is proper ssh key management, and intrusion detection, and
if you insist on having password access, use one-time passwords and/or
strength checks.

If you don't like your logfiles filling up, don't run ssh on port 22.  I like
443, because corporate firewalls tend to pass that... :)

Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn at> <URL:>
Smalltalk/Perl/Unix consulting, Technical writing, Comedy, etc. etc.
See for Smalltalk and Seaside discussion

More information about the freebsd-questions mailing list
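
The intrusion detection recommended in the message above, sketched as an added example (not part of the original post or of any tool named in the thread): it counts sshd `Failed password` lines per source address inside a sliding window. The log lines, addresses, user names, year, threshold and window are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd lines in syslog format; addresses come from
# the documentation ranges and do not refer to real hosts.
SAMPLE_LOG = """\
Mar  5 15:40:01 host sshd[4101]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Mar  5 15:40:03 host sshd[4102]: Failed password for root from 203.0.113.7 port 40120 ssh2
Mar  5 15:40:06 host sshd[4104]: Failed password for invalid user test from 203.0.113.7 port 40133 ssh2
Mar  5 15:41:10 host sshd[4110]: Failed password for alice from 198.51.100.20 port 51514 ssh2
Mar  5 15:41:30 host sshd[4111]: Accepted publickey for alice from 198.51.100.20 port 51520 ssh2
Mar  5 15:59:00 host sshd[4200]: Failed password for root from 192.0.2.44 port 60001 ssh2
Mar  5 16:30:00 host sshd[4300]: Failed password for root from 192.0.2.44 port 60002 ssh2
Mar  5 17:10:00 host sshd[4400]: Failed password for root from 192.0.2.44 port 60003 ssh2
"""

# Only "Failed password" lines are counted, so an attempt that also logs
# a separate "Invalid user" line is not counted twice.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)

def find_probers(log_text, year=2010, threshold=3, window=timedelta(minutes=5)):
    """Return {ip: peak failures inside any `window`} for IPs reaching `threshold`.

    Syslog timestamps carry no year, so `year` is supplied by the caller
    (an assumption). Lines are assumed to be in chronological order.
    """
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    peak = defaultdict(int)      # ip -> largest window count seen so far
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:  # drop failures older than the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}

if __name__ == "__main__":
    print(find_probers(SAMPLE_LOG))
```

With the default five-minute window the slow source at 192.0.2.44 is not reported; widening `window` to two hours reports it as well, which is the trade-off to tune against the log volume.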