sshguard pf

jd1008 jd1008 at gmail.com
Wed Nov 5 21:50:37 UTC 2014


On 11/05/2014 02:38 PM, Mark Felder wrote:
>
> On Wed, Nov 5, 2014, at 13:55, jd1008 wrote:
>> I read the web page you cite.
>> However, this is for the client side.
>> What about the server side? How does this
>> affect attacks against the server?
>>
> No, this is for the *server*. When someone tries to ssh to the server
> without a valid ssh key they will get two prompts: a passcode, and their
> password.
>
> As a result, brute forcing the always-changing passcode *and* the
> password is going to be nearly impossible; they have no idea if they get
> the password correct as long as they don't get the passcode correct at
> the same time.
>
> Note, this doesn't stop the bots from trying, but it prevents them from
> ever being successful. You could enable root SSH and set your password
> to "password"[1] and they still wouldn't compromise your server because
> they don't know how to authenticate through this mechanism and guessing
> the ever-changing passcode would be highly unlikely.
>
> [1] Don't actually do this, though.
>
Thank you Mark,
I will keep doing more research on this :)
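
Added example, not part of the original thread: a sketch of the server-side check Mark describes, assuming the "always-changing passcode" is an RFC 6238 TOTP code (the thread does not name the mechanism). The function names, the sample account and the one-step clock-skew window are hypothetical choices made for this illustration.

```python
import hashlib
import hmac
import os
import struct

STEP = 30  # seconds per TOTP time step (RFC 6238 default)

def totp(secret: bytes, now: float, digits: int = 6) -> bytes:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `now`."""
    counter = struct.pack(">Q", max(int(now) // STEP, 0))
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits).encode()

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_account(secret: bytes, password: str) -> dict:
    salt = os.urandom(16)
    return {"secret": secret, "salt": salt, "pw": hash_password(password, salt)}

def authenticate(acct: dict, passcode: str, password: str,
                 now: float, window: int = 1) -> bool:
    """One verdict for both factors; a failure never says which one was wrong."""
    code_ok = False
    for drift in range(-window, window + 1):  # tolerate small clock skew
        expected = totp(acct["secret"], now + drift * STEP)
        code_ok |= hmac.compare_digest(expected, passcode.encode())
    # The password is checked even when the passcode is wrong, so neither the
    # result nor the amount of work reveals whether the password guess was right.
    pw_ok = hmac.compare_digest(hash_password(password, acct["salt"]), acct["pw"])
    return code_ok and pw_ok

def blind_guess_odds(window: int = 1, digits: int = 6) -> float:
    """Chance that one random passcode guess falls on an accepted code."""
    return (2 * window + 1) / 10 ** digits

# Constructed sample: the RFC 6238 test secret and the deliberately weak
# password from the thread.
SAMPLE = make_account(b"12345678901234567890", "password")

if __name__ == "__main__":
    print(authenticate(SAMPLE, "287082", "password", now=59))  # both correct
    print(authenticate(SAMPLE, "000000", "password", now=59))  # right password only
    print(blind_guess_odds())
```

A correct password paired with a wrong passcode is rejected exactly like a wrong password, so a bot gets no signal that it guessed the password, and each blind passcode guess has about a 3 in 1,000,000 chance against a code that changes every 30 seconds.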



