From owner-freebsd-questions@FreeBSD.ORG Tue Jun 23 07:50:03 2009
Date: Tue, 23 Jun 2009 09:48:23 +0200 (CEST)
From: Wojciech Puchar
To: Matthew Seaman
Cc: Benjamin Lee, Daniel Underwood, freebsd-questions@freebsd.org
Subject: Re: Best practices for securing SSH server
In-Reply-To: <4A4087DB.5010700@infracaninophile.co.uk>
References: <4A403324.6090300@b1c1l1.com> <4A4087DB.5010700@infracaninophile.co.uk>
User-Agent: Alpine 2.00 (BSF 1167 2008-08-23)

>> You can't do more than maybe 10 attempts/second this way, while cracking
>> a 10 character password consisting of just small letters and digits needs
>
> 10 characters is longer than the usual password.  Most people have been
> conditioned into using a 7 or 8 character password, which is at least a

So that's the answer to how to secure an SSH server: use 10-letter random
passwords.

>> 36^10=3656158440062976 possible passwords, and over 11 million years to
>> check all possibilities, so say 100000 years if someone is really lucky
>> and will get it after checking 1% of possible passwords.
>
> There is a very big flaw in your analysis here.  You're assuming that
> the passwords people might use are randomly and evenly distributed over

So you already confirmed what I say. It's a human problem - for example not
using random passwords. Talking about security within that context is a
joke.
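The arithmetic in the exchange above, worked through as an added example (not code from the thread or from any FreeBSD component): the keyspace and entropy of a password drawn uniformly from lowercase letters and digits, the time to search a given fraction of that keyspace at a fixed guess rate, and a generator that actually produces such uniformly random passwords with a CSPRNG. The 10 guesses/second figure is the online rate quoted in the thread; the 10^9 guesses/second figure used for contrast is an assumed offline rate (e.g. against a leaked password hash) and is not from the original message.

```python
import math
import secrets
import string

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Alphabet from the post: lowercase letters plus digits, 36 symbols.
LOWER_DIGITS = string.ascii_lowercase + string.digits

# Guess rates in guesses/second. ONLINE_RATE is the figure from the thread
# (rate-limited guessing against a live sshd). OFFLINE_RATE is an assumed
# value for cracking a leaked hash; it is illustrative, not from the post.
ONLINE_RATE = 10.0
OFFLINE_RATE = 1e9


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` symbols."""
    return alphabet_size ** length


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a password chosen uniformly at random, in bits."""
    return length * math.log2(alphabet_size)


def years_to_search(alphabet_size: int, length: int,
                    guesses_per_second: float, fraction: float = 1.0) -> float:
    """Years needed to try `fraction` of the keyspace at a constant guess rate.

    fraction=1.0 is exhaustive search (the "11 million years" figure),
    fraction=0.5 is the expected cost against a uniform password, and
    fraction=0.01 is the "really lucky" 1% case from the post.
    """
    guesses = keyspace(alphabet_size, length) * fraction
    return guesses / guesses_per_second / SECONDS_PER_YEAR


def random_password(length: int = 10, alphabet: str = LOWER_DIGITS) -> str:
    """Generate a password with the `secrets` module (CSPRNG-backed).

    Every string in the keyspace is equally likely, which is exactly the
    assumption the brute-force estimate relies on. `random.choice` would
    not give that guarantee.
    """
    return "".join(secrets.choice(alphabet) for _ in range(length))


def policy_table(length: int = 10) -> dict:
    """Compare the same 36-symbol policy under the online and the assumed
    offline guess rate. Returns years for exhaustive search."""
    return {
        "online_10_per_s": years_to_search(36, length, ONLINE_RATE),
        "online_10_per_s_lucky_1pct": years_to_search(36, length, ONLINE_RATE, 0.01),
        "offline_1e9_per_s": years_to_search(36, length, OFFLINE_RATE),
    }


if __name__ == "__main__":
    print("keyspace 36^10 =", keyspace(36, 10))
    print("entropy bits   =", round(entropy_bits(36, 10), 1))
    for name, years in policy_table().items():
        print(f"{name:28s} {years:,.0f} years")
    print("example password:", random_password())
```

The offline row is the caveat a practitioner would add to the post's reasoning: the "10 attempts/second" bound only holds while the guessing has to go through sshd; once a hash is available offline the same 36^10 keyspace falls in weeks, so the random-password argument is an argument about online guessing only.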