Thousands of ssh probes

John john at
Fri Mar 5 15:46:56 UTC 2010

On Fri, Mar 05, 2010 at 07:45:02AM -0800, Randal L. Schwartz wrote:
> >>>>> "Anton" == Anton  <anton at> writes:
> Anton>    But, to allow acces for yourself - you could install wonderfull
> Anton>    utility = 'knock-knock'.
> Port knocking is false security.
> It's equivalent to adding precisely two bytes (per knock, which can't
> be too close or far apart or numerous) to the key length.
> Are you really thinking that increasing your key length from 2048 to 2050
> helps?
> The right solution is proper ssh key management, and intrusion detection, and
> if you insist on having password access, use one-time passwords and/or
> strength checks.
> If you don't like your logfiles filling up, don't run ssh on port 22.  I like
> 443, because corporate firewalls tend to pass that... :)

Yes - that's exactly what I used to do, and exactly why I used to do
it, but now I'm thinking of actually implement https.

John Lind
john at starfire.MN.ORG

The inherent vice of capitalism is the unequal sharing of blessings;
the inherent virtue of socialism is the equal sharing of miseries.
  - Winston Churchill

More information about the freebsd-questions mailing list