From owner-freebsd-questions@FreeBSD.ORG  Tue Jun 23 09:21:19 2009
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 3E72A1065670
	for <freebsd-questions@freebsd.org>;
	Tue, 23 Jun 2009 09:21:19 +0000 (UTC)
	(envelope-from wojtek@wojtek.tensor.gdynia.pl)
Received: from wojtek.tensor.gdynia.pl (wojtek.tensor.gdynia.pl
	[IPv6:2001:4070:101:2::2])
	by mx1.freebsd.org (Postfix) with ESMTP id 2FBB58FC14
	for <freebsd-questions@freebsd.org>;
	Tue, 23 Jun 2009 09:21:17 +0000 (UTC)
	(envelope-from wojtek@wojtek.tensor.gdynia.pl)
Received: from wojtek.tensor.gdynia.pl (localhost [IPv6:::1])
	by wojtek.tensor.gdynia.pl (8.14.3/8.14.3) with ESMTP id n5N9JdFQ055651;
	Tue, 23 Jun 2009 11:19:40 +0200 (CEST)
	(envelope-from wojtek@wojtek.tensor.gdynia.pl)
Received: from localhost (wojtek@localhost)
	by wojtek.tensor.gdynia.pl (8.14.3/8.14.3/Submit) with ESMTP id
	n5N9JYug055648; Tue, 23 Jun 2009 11:19:36 +0200 (CEST)
	(envelope-from wojtek@wojtek.tensor.gdynia.pl)
Date: Tue, 23 Jun 2009 11:19:33 +0200 (CEST)
From: Wojciech Puchar <wojtek@wojtek.tensor.gdynia.pl>
To: Matthew Seaman <m.seaman@infracaninophile.co.uk>
In-Reply-To: <4A4087DB.5010700@infracaninophile.co.uk>
Message-ID: <alpine.BSF.2.00.0906231115500.55627@wojtek.tensor.gdynia.pl>
References: <b6c05a470906221816l4001b92cu82270632440ee8a@mail.gmail.com>
	<4A403324.6090300@b1c1l1.com>
	<alpine.BSF.2.00.0906230839170.54856@wojtek.tensor.gdynia.pl>
	<4A4087DB.5010700@infracaninophile.co.uk>
User-Agent: Alpine 2.00 (BSF 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Cc: Benjamin Lee <ben@b1c1l1.com>, Daniel Underwood <djuatdelta@gmail.com>,
	freebsd-questions@freebsd.org
Subject: Re: Best practices for securing SSH server
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Jun 2009 09:21:19 -0000

>> 99% of crack attempts are done by "kevin mitnick" methods, not password
>> cracking.
>
> Absolutely true.  Mitnick was an early exponent of Social Engineering
> attacks, which are still the easiest and most effective methods for

Mitnick just chose the best possible friend - human stupidity. It never 
fails.

> breaking computer security.  Now, if we could just get rid of all the
> users, our lives as Sys Admins would be a whole lot easier...

Just make sure that one user can't do mess to others, and to log every 
logins. Then it's no more your problem, as users can only hurt themselves.

Don't care about their security if they don't care by themselves.

> 	Cheers,
>
> 	Matthew
>
> [*] It's amazing how many people, when you tell them to use a mix of
> upper and lower case letters, just capitalize the *first* letter of
> their password.

because most people don't understand what are passwords for. They just 
treat them as a part of required ceremony.