limit number of ssh connections
Chad Perrin
perrin at apotheon.com
Tue Sep 20 00:57:11 UTC 2011
On Mon, Sep 19, 2011 at 05:11:28PM -0700, Randal L. Schwartz wrote:
> >>>>> "Григорьев" == Григорьев Александр <mr.festin at yandex.ru> writes:
>
> Григорьев> If your target is protect freebsd box from bruting passwords
> Григорьев> from inet maybe security/knockd will help you?
>
> Portknocking adds only a dozen bits or so to your password. Do you
> really think it helps to go from a 1024-bit key to a 1036-bit? In other
> words, Portknocking belongs in the "security for dummies" pile right
> along with "turning off your SSID announce" and "use MAC address
> filtering" when people talk about wifi "security". All three are
> useless and give you a false sense of having "increased" security.
I'd say, rather, that it's useful in deflecting the drive-by, casual
cracking attempts, but not as real security against a more sophisticated
attack. It's nice to have cleaner logging sometimes -- which is the real
benefit of such techniques, rather than security per se.
--
Chad Perrin [ original content licensed OWL: http://owl.apotheon.org ]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20110920/6a65c4f2/attachment.pgp
More information about the freebsd-questions
mailing list