Thousands of ssh probes

Randal L. Schwartz merlyn at stonehenge.com
Fri Mar 5 15:45:33 UTC 2010


>>>>> "Anton" == Anton  <anton at sng.by> writes:

Anton>    But, to allow access for yourself - you could install wonderful
Anton>    utility = 'knock-knock'.

Port knocking is false security.

It's equivalent to adding precisely two bytes (per knock, which can't
be too close or far apart or numerous) to the key length.

Are you really thinking that increasing your key length from 2048 to 2050
helps?

The right solution is proper ssh key management, and intrusion detection, and
if you insist on having password access, use one-time passwords and/or
strength checks.

If you don't like your logfiles filling up, don't run ssh on port 22.  I like
443, because corporate firewalls tend to pass that... :)

-- 
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn at stonehenge.com> <URL:http://www.stonehenge.com/merlyn/>
Smalltalk/Perl/Unix consulting, Technical writing, Comedy, etc. etc.
See http://methodsandmessages.vox.com/ for Smalltalk and Seaside discussion
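
The intrusion-detection part of the advice above, as an added example that is not part of the original message: a small parser that counts failed sshd password attempts per source address and flags accepted logins worth reviewing. The log lines are constructed samples in OpenSSH syslog format; the user names, addresses (documentation ranges) and the threshold of 3 are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in OpenSSH sshd syslog format (not from a real host).
SAMPLE_LOG = """\
Mar  5 15:40:01 host sshd[1201]: Invalid user admin from 203.0.113.5
Mar  5 15:40:02 host sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Mar  5 15:40:04 host sshd[1203]: Failed password for root from 203.0.113.5 port 51240 ssh2
Mar  5 15:40:06 host sshd[1205]: Failed password for root from 203.0.113.5 port 51251 ssh2
Mar  5 15:41:10 host sshd[1210]: Failed password for invalid user test from 198.51.100.23 port 40110 ssh2
Mar  5 15:42:00 host sshd[1215]: Accepted publickey for alice from 192.0.2.10 port 40022 ssh2
Mar  5 15:43:30 host sshd[1220]: Accepted password for backup from 203.0.113.5 port 51300 ssh2
"""

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port \d+")


def analyze(log_text, threshold=3):
    """Return (probers, alerts).

    probers: {ip: failed_count} for sources with at least `threshold` failures.
    alerts:  (method, user, ip) for accepted logins that deserve review:
             any password login, or any login from a probing source.
    """
    failures = Counter()
    accepted = []
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            failures[m.group(2)] += 1  # count by source address
            continue
        m = ACCEPTED.search(line)
        if m:
            accepted.append(m.groups())
    probers = {ip: n for ip, n in failures.items() if n >= threshold}
    alerts = [(method, user, ip) for method, user, ip in accepted
              if method == "password" or ip in probers]
    return probers, alerts


if __name__ == "__main__":
    probers, alerts = analyze(SAMPLE_LOG)
    print("probing sources:", probers)
    print("logins to review:", alerts)
```

On a host that accepts keys only, the second list should stay empty; any entry in it means a password login got through.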


More information about the freebsd-questions mailing list