[TriLUG] Port Knocking Alternatives?

Ken Mink ken.mink at gmail.com
Fri Feb 4 14:08:10 EST 2005


If your problem/annoyance/fear is dictionary attacks on ssh users'
passwords, take them out of the equation. I set my systems up to only
allow public key logins. I also set sshd to only allow specified
userids access; obviously root isn't one of them.

Ken


On Fri, 4 Feb 2005 13:36:45 -0500, Rick DeNatale
<rick.denatale at gmail.com> wrote:
> On Fri, 04 Feb 2005 12:53:45 -0500, Brian Henning
> <brian at strutmasters.com> wrote:
> > I'll see your two cents, and raise you two more!
> >
> > My personal reasoning is that this sort of scheme is not intended to add
> > any "security" whatsoever.  I trust the solidity of the few usernames
> > that are actually allowed SSH access.  My only desire is to ward off
> > the popular dictionary attacks that I routinely see cluttering my logs
> > when I leave SSH wide open.
> 
> That's exactly why I got interested in this.  It's more for nuisance
> reduction rather than added security.


-- 
---------------------------------------------
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."--Benjamin Franklin
" 'Necessity' is the plea for every infringement of human liberty; it
is the argument of tyrants; it is the creed of slaves."--William Pitt
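
An added example, not part of the original message: a small audit of `sshd_config` text for the setup described above (public key logins only, an explicit user allow-list, no root). The function names, the sample configs and the user `alice` are constructed here; the defaults table assumes current OpenSSH, and `Include` files and `Match` blocks are not evaluated.

```python
import re

# Values sshd uses when a keyword is absent (assumed: current OpenSSH defaults).
DEFAULTS = {"passwordauthentication": "yes", "kbdinteractiveauthentication": "yes",
            "pubkeyauthentication": "yes", "permitrootlogin": "prohibit-password"}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def parse_global(text):
    """Parse global-scope keywords (everything before the first Match block)."""
    settings, allow_users = {}, []
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1] if len(parts) > 1 else ""
        if key == "match":
            break  # conditional settings are out of scope here
        if key == "allowusers":
            allow_users += value.split()  # AllowUsers lines accumulate
        else:
            settings.setdefault(key, value.lower())  # first value wins in sshd
    return settings, allow_users

def audit(text):
    """Return findings; an empty list means the config matches the message."""
    settings, allow_users = parse_global(text)
    eff = {**DEFAULTS, **settings}
    findings = []
    if eff["passwordauthentication"] != "no":
        findings.append("password logins enabled")
    if eff["kbdinteractiveauthentication"] != "no":
        findings.append("keyboard-interactive enabled")  # PAM can still ask for a password
    if eff["pubkeyauthentication"] != "yes":
        findings.append("public key logins disabled")
    if eff["permitrootlogin"] != "no":
        findings.append("root login not fully disabled")
    if not allow_users:
        findings.append("no AllowUsers list")
    elif any(u.split("@")[0] == "root" for u in allow_users):
        findings.append("root listed in AllowUsers")
    return findings

# Constructed samples. In SHADOWED the later "no" is ignored: the first value wins.
HARDENED = "PasswordAuthentication no\nKbdInteractiveAuthentication no\nPermitRootLogin no\nAllowUsers ken alice\n"
SHADOWED = "PasswordAuthentication yes\n" + HARDENED

if __name__ == "__main__":
    for name, cfg in (("HARDENED", HARDENED), ("SHADOWED", SHADOWED)):
        print(name, audit(cfg) or "ok")
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check.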


