Thousands of ssh probes
John
john at starfire.mn.org
Fri Mar 5 15:46:56 UTC 2010
On Fri, Mar 05, 2010 at 07:45:02AM -0800, Randal L. Schwartz wrote:
> >>>>> "Anton" == Anton <anton at sng.by> writes:
>
> Anton> But, to allow acces for yourself - you could install wonderfull
> Anton> utility = 'knock-knock'.
>
> Port knocking is false security.
>
> It's equivalent to adding precisely two bytes (per knock, which can't
> be too close or far apart or numerous) to the key length.
>
> Are you really thinking that increasing your key length from 2048 to 2050
> helps?
>
> The right solution is proper ssh key management, and intrusion detection, and
> if you insist on having password access, use one-time passwords and/or
> strength checks.
>
> If you don't like your logfiles filling up, don't run ssh on port 22. I like
> 443, because corporate firewalls tend to pass that... :)
Yes - that's exactly what I used to do, and exactly why I used to do
it, but now I'm thinking of actually implement https.
--
John Lind
john at starfire.MN.ORG
The inherent vice of capitalism is the unequal sharing of blessings;
the inherent virtue of socialism is the equal sharing of miseries.
- Winston Churchill
More information about the freebsd-questions
mailing list