limit number of ssh connections

Chad Perrin perrin at apotheon.com
Tue Sep 20 00:57:11 UTC 2011


On Mon, Sep 19, 2011 at 05:11:28PM -0700, Randal L. Schwartz wrote:
> >>>>> "Григорьев" == Григорьев Александр <mr.festin at yandex.ru> writes:
> 
> Григорьев> If your target is to protect a freebsd box from bruting passwords
> Григорьев> from inet, maybe security/knockd will help you?
> 
> Portknocking adds only a dozen bits or so to your password.  Do you
> really think it helps to go from a 1024-bit key to a 1036-bit?  In other
> words, Portknocking belongs in the "security for dummies" pile right
> along with "turning off your SSID announce" and "use MAC address
> filtering" when people talk about wifi "security".  All three are
> useless and give you a false sense of having "increased" security.

I'd say, rather, that it's useful in deflecting the drive-by, casual
cracking attempts, but not as real security against a more sophisticated
attack.  It's nice to have cleaner logging sometimes -- which is the real
benefit of such techniques, rather than security per se.

-- 
Chad Perrin [ original content licensed OWL: http://owl.apotheon.org ]