On Fri, Mar 05, 2010 at 07:45:02AM -0800, Randal L. Schwartz wrote:
> >>>>> "Anton" == Anton  <an...@sng.by> writes:
> 
> Anton>    But, to allow access for yourself - you could install wonderful
> Anton>    utility = 'knock-knock'.
> 
> Port knocking is false security.
> 
> It's equivalent to adding precisely two bytes (per knock, which can't
> be too close or far apart or numerous) to the key length.
> 
> Are you really thinking that increasing your key length from 2048 to 2050
> helps?
> 
> The right solution is proper ssh key management, and intrusion detection, and
> if you insist on having password access, use one-time passwords and/or
> strength checks.
> 
> If you don't like your logfiles filling up, don't run ssh on port 22.  I like
> 443, because corporate firewalls tend to pass that... :)

Yes - that's exactly what I used to do, and exactly why I used to do
it, but now I'm thinking of actually implementing https.
-- 

John Lind
j...@starfire.mn.org

The inherent vice of capitalism is the unequal sharing of blessings;
the inherent virtue of socialism is the equal sharing of miseries.
  - Winston Churchill
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"