From: merlyn@stonehenge.com (Randal L. Schwartz)
To: Григорьев Александр
Cc: James Strother, freebsd-questions@freebsd.org
Subject: Re: limit number of ssh connections
Date: Mon, 19 Sep 2011 17:11:28 -0700
Message-ID: <86k494t6mn.fsf@red.stonehenge.com>
In-Reply-To: <946851316461449@web97.yandex.ru>

>>>>> "Григорьев" == Григорьев Александр writes:

Григорьев> If your target is to protect a freebsd box from bruting passwords
Григорьев> from inet, maybe security/knockd will help you?

Portknocking adds only a dozen bits or so to your password. Do you
really think it helps to go from a 1024-bit key to a 1036-bit?

In other words, Portknocking belongs in the "security for dummies" pile
right along with "turning off your SSID announce" and "use MAC address
filtering" when people talk about wifi "security". All three are
useless and give you a false sense of having "increased" security.

The real security is to disable plaintext passwords. Then no amount of
bruteforce will ever get in.

-- 
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
Smalltalk/Perl/Unix consulting, Technical writing, Comedy, etc. etc.
See http://methodsandmessages.posterous.com/ for Smalltalk discussion