From owner-freebsd-security@FreeBSD.ORG Tue Oct 6 09:06:35 2009 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A74551065695 for ; Tue, 6 Oct 2009 09:06:35 +0000 (UTC) (envelope-from des@des.no) Received: from tim.des.no (tim.des.no [194.63.250.121]) by mx1.freebsd.org (Postfix) with ESMTP id 68AB88FC1E for ; Tue, 6 Oct 2009 09:06:35 +0000 (UTC) Received: from ds4.des.no (des.no [84.49.246.2]) by smtp.des.no (Postfix) with ESMTP id 82D566D41B; Tue, 6 Oct 2009 09:06:34 +0000 (UTC) Received: by ds4.des.no (Postfix, from userid 1001) id EFE498449F; Tue, 6 Oct 2009 11:06:33 +0200 (CEST) From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= To: "Peter" References: <20091003121830.GA15170@sorry.mine.nu> <4AC9F9C1.9030702@kernel32.de> Date: Tue, 06 Oct 2009 11:06:33 +0200 In-Reply-To: (Peter's message of "Mon, 5 Oct 2009 23:04:48 -0600 (MDT)") Message-ID: <86vdis99ie.fsf@ds4.des.no> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.0.95 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Cc: olli hauer , freebsd-security@freebsd.org, smithi@nimnet.asn.au, Marian Hettwer Subject: Re: openssh concerns X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Oct 2009 09:06:35 -0000 "Peter" writes: > Or combine that with portknocking - Only open port 22 after X number of > attempts to connect on port 1234: As has already been explained, that's no good if you need to ssh in from behind a corporate firewall that blocks everything except 20, 22, 80 and 443. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no