Date: Mon, 19 Sep 2011 18:56:58 -0600
From: Chad Perrin
To: freebsd-questions@freebsd.org
Subject: Re: limit number of ssh connections

On Mon, Sep 19, 2011 at 05:11:28PM -0700, Randal L. Schwartz wrote:
> >>>>> "Григорьев" == Григорьев Александр writes:
>
> Григорьев> If your target is protect freebsd box from bruting passwords
> Григорьев> from inet maybe security/knockd will help you?
>
> Portknocking adds only a dozen bits or so to your password. Do you
> really think it helps to go from a 1024-bit key to a 1036-bit? In other
> words, Portknocking belongs in the "security for dummies" pile right
> along with "turning off your SSID announce" and "use MAC address
> filtering" when people talk about wifi "security". All three are
> useless and give you a false sense of having "increased" security.

I'd say, rather, that it's useful in deflecting the drive-by, casual
cracking attempts, but not as real security against a more sophisticated
attack. It's nice to have cleaner logging sometimes -- which is the real
benefit of such techniques, rather than security per se.

-- 
Chad Perrin [ original content licensed OWL: http://owl.apotheon.org ]