Date: Tue, 23 Jun 2009 10:57:26 +0200 (CEST) From: Wojciech Puchar <wojtek@wojtek.tensor.gdynia.pl> To: utisoft@gmail.com Cc: Benjamin Lee <ben@b1c1l1.com>, Daniel Underwood <djuatdelta@gmail.com>, freebsd-questions@freebsd.org Subject: Re: Best practices for securing SSH server Message-ID: <alpine.BSF.2.00.0906231052130.55469@wojtek.tensor.gdynia.pl> In-Reply-To: <b79ecaef0906230112y7e96cd04ke983a0f6d3dac71b@mail.gmail.com> References: <b6c05a470906221816l4001b92cu82270632440ee8a@mail.gmail.com> <4A403324.6090300@b1c1l1.com> <alpine.BSF.2.00.0906230839170.54856@wojtek.tensor.gdynia.pl> <b79ecaef0906230112y7e96cd04ke983a0f6d3dac71b@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
>> >> 99% of crack attempts are done by "kevin mitnick" methods, not password >> cracking. > > You're right about the probability of password breaking, but > personally I installed denyhosts just because I got sick of this: indeed, it's very useful but it's not a requirement at all to be secure :) The only requirements for security are: 1) use proper passwords, or keyfiles but with keyfiles stored on properly protected machine (geli, proper password for geli too) 2) it's not really wrong to use same (but well done - random) passwords in many places YOU administer, but never use the same password on any foreign places. 3) Store that password ONLY in brain. As herds of morons don't really understand what are passwords for, all points are usually not respected, point 3 being the most common :) You want to crack into company server - just look at monitors and notes glued to it. If you can't - ask a charwoman working there ;)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.00.0906231052130.55469>