Re: Idea to secure ssh

2006-03-15 Thread Goswin von Brederlow
Michel Messerschmidt [EMAIL PROTECTED] writes: Neal Murphy said: The point is to obscure the ssh server from everyone, including those who are authorized to access it remotely. You're right, this is just the old idea of security by obscurity. And quite pointless. Better install a fake sshd

Re: Idea to secure ssh

2006-03-15 Thread Goswin von Brederlow
Michael Stone [EMAIL PROTECTED] writes: On Mon, Mar 13, 2006 at 03:03:24PM -0500, Neal Murphy wrote: Yes, allowing UDP packets in is, in a sense, an open port, but it's a one-way port. UDP packets have a fixed maximum size and the information carried in the packet is trivial in nature; UDP

Re: Idea to secure ssh

2006-03-15 Thread Michael Stone
On Wed, Mar 15, 2006 at 02:35:53PM +0100, Goswin von Brederlow wrote: Michael Stone [EMAIL PROTECTED] writes: No, anyone can generate encrypted parts. IMHO, there's not much chance that the decryption routines in your magic udp parser are going to be less vulnerable than those in openssh

Re: Idea to secure ssh

2006-03-15 Thread Goswin von Brederlow
Michael Stone [EMAIL PROTECTED] writes: On Wed, Mar 15, 2006 at 02:35:53PM +0100, Goswin von Brederlow wrote: Michael Stone [EMAIL PROTECTED] writes: No, anyone can generate encrypted parts. IMHO, there's not much chance that the decryption routines in your magic udp parser are going to be

Re: Idea to secure ssh [was: howto block ssh brute-force]

2006-03-15 Thread Thomas Seliger
Neal Murphy wrote: The point is to reduce brute-force attacks to the point of nearly total ineffectiveness. I use OpenSSH public/private key authentication to achieve this. Based on needs one could also use two factor authentication (e.g. one time password tokens) or even a combination of

Re: Idea to secure ssh

2006-03-15 Thread Michael Stone
On Wed, Mar 15, 2006 at 05:06:34PM +0100, Goswin von Brederlow wrote: His idea is to add a 100% non-responsive knocking (using udp) before the actual ssh handshake so unauthorized clients can't even determine that sshd is running. Not that I find that useful but that's the idea. Traditional

Re: Idea to secure ssh

2006-03-15 Thread Neal Murphy
On Wednesday 15 March 2006 11:06, Goswin von Brederlow wrote: He's trying to solve that a tcp connect to port 22 establishes a connection and thereby reveals that the server is running an sshd and attacking it makes sense. His idea is to add a 100% non-responsive knocking (using udp) before the

Re: Idea to secure ssh [was: howto block ssh brute-force]

2006-03-14 Thread Michel Messerschmidt
Neal Murphy said: The point is to obscure the ssh server from everyone, including those who are authorized to access it remotely. You're right, this is just the old idea of security by obscurity. The point is to reduce brute-force attacks to the point of nearly total ineffectiveness. The

Re: Idea to secure ssh [was: howto block ssh brute-force]

2006-03-14 Thread Michael Stone
On Mon, Mar 13, 2006 at 11:06:38PM -0500, Neal Murphy wrote: The point is to obscure the ssh server from everyone, including those who are authorized to access it remotely. The point is to reduce brute-force attacks to the point of nearly total ineffectiveness. No more so than simply

Idea to secure ssh [was: howto block ssh brute-force]

2006-03-13 Thread Neal Murphy
On Monday 13 March 2006 01:24, fgeek wrote: Hello, once in a while (say, every two weeks) I get a brute-force login/password scan attempt in my server (i.e., a single ip tries dictionary account names and passwords at random). SSH access is needed by many users, and (RSA/DSA key)-only

Re: Idea to secure ssh [was: howto block ssh brute-force]

2006-03-13 Thread Joerg Rieger
On Mon, Mar 13, 2006 at 03:19:30AM -0500, Neal Murphy wrote: [...] My idea is akin to a monastery that has no visible way in or out. If someone wants in, he has to know where to knock, using the Super Secret Squirrel coded knock. Then he has to wait a bit before he tries to pass his

Re: Idea to secure ssh [was: howto block ssh brute-force]

2006-03-13 Thread Nicolas Rachinsky
* Neal Murphy [EMAIL PROTECTED] [2006-03-13 03:19 -0500]: Consider: [...] Sounds like putting http://ingles.homeunix.org/software/ost/ into ssh(d). Nicolas -- http://www.rachinsky.de/nicolas -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact

Re: Idea to secure ssh [was: howto block ssh brute-force]

2006-03-13 Thread johannes weiß
Hi Guys, [...] I use fail2ban and I'm very happy with it. Just my 2 cents, regards, johannes
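As an added example, not code from the thread and not fail2ban's own code: the per-source failure counting that fail2ban does for the dictionary scans described in the original question, run over constructed sshd log lines. The threshold and window mirror fail2ban's maxretry/findtime idea; the hostname, addresses, user names and timestamps in the sample log are made up, and the year is assumed because syslog lines carry none.

```python
# Added example (not from the thread or from fail2ban): a minimal
# fail2ban-style scan of sshd auth.log lines.  Failed logins are counted per
# source IP inside a sliding window and the IPs that reach a threshold are
# reported, which is what "howto block ssh brute-force" asks for.
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed syslog-format sshd lines (hostname, IPs and users are invented).
SAMPLE_LOG = """\
Mar 13 01:20:01 host sshd[4120]: Failed password for invalid user oracle from 192.0.2.45 port 40412 ssh2
Mar 13 01:20:03 host sshd[4122]: Failed password for invalid user test from 192.0.2.45 port 40418 ssh2
Mar 13 01:20:05 host sshd[4124]: Failed password for root from 192.0.2.45 port 40421 ssh2
Mar 13 01:20:06 host sshd[4126]: Accepted publickey for alice from 198.51.100.7 port 51000 ssh2
Mar 13 01:20:08 host sshd[4128]: Failed password for invalid user admin from 192.0.2.45 port 40430 ssh2
Mar 13 01:20:09 host sshd[4130]: Failed password for bob from 198.51.100.7 port 51002 ssh2
Mar 13 01:20:11 host sshd[4132]: Failed password for invalid user guest from 192.0.2.45 port 40436 ssh2
Mar 13 02:30:00 host sshd[4200]: Failed password for invalid user mysql from 203.0.113.9 port 2201 ssh2
"""

# Matches both "Failed password for root" and "Failed password for invalid user x".
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+ ssh2$"
)


def parse_failures(log_text, year=2006):
    """Return [(timestamp, ip, user)] for every failed-password line.

    syslog lines have no year, so one is assumed (constructed sample: 2006)."""
    out = []
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        out.append((ts, m["ip"], m["user"]))
    return out


def offenders(log_text, maxretry=5, findtime=timedelta(minutes=10)):
    """Return {ip: failures_in_window} for IPs that hit maxretry failures
    within findtime.  The count recorded is the one at the moment the
    threshold was crossed, i.e. when a ban would be issued."""
    window = defaultdict(list)
    banned = {}
    for ts, ip, _user in parse_failures(log_text):
        hits = window[ip]
        hits.append(ts)
        # Slide the window: forget failures older than findtime.
        window[ip] = hits = [t for t in hits if ts - t <= findtime]
        if len(hits) >= maxretry and ip not in banned:
            banned[ip] = len(hits)
    return banned


def ban_command(ip):
    """The firewall action a ban would translate to (illustrative only)."""
    return f"iptables -I INPUT -s {ip} -p tcp --dport 22 -j DROP"
```

On the constructed sample only 192.0.2.45 crosses the default threshold; the single failure from 198.51.100.7 (a real user mistyping a password) and the lone probe from 203.0.113.9 are left alone, which is the trade-off the maxretry/findtime pair is tuning.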

Re: Idea to secure ssh [was: howto block ssh brute-force]

2006-03-13 Thread dsr
On Mon, Mar 13, 2006 at 03:19:30AM -0500, Neal Murphy wrote: It seems kind-of counterproductive to set up SSH for secure access, then advertise to the universe that it's there. Thus my idea: Consider: - sshd listens on a pre-shared UDP port for 'a knock on the door', specifically a

Re: Idea to secure ssh [was: howto block ssh brute-force]

2006-03-13 Thread Neal Murphy
On Monday 13 March 2006 09:38, [EMAIL PROTECTED] wrote: On Mon, Mar 13, 2006 at 03:19:30AM -0500, Neal Murphy wrote: It seems kind-of counterproductive to set up SSH for secure access, then advertise to the universe that it's there. Thus my idea: Consider: - sshd listens on a

Re: Idea to secure ssh [was: howto block ssh brute-force]

2006-03-13 Thread Michael Stone
On Mon, Mar 13, 2006 at 03:03:24PM -0500, Neal Murphy wrote: The idea is to present information to the server that only the server can decrypt, and that, in theory, only the authorized user could have generated. Much like an authentication system. What's the point of all this over just

Re: Idea to secure ssh [was: howto block ssh brute-force]

2006-03-13 Thread Neal Murphy
On Monday 13 March 2006 20:07, Michael Stone wrote: On Mon, Mar 13, 2006 at 03:03:24PM -0500, Neal Murphy wrote: The idea is to present information to the server that only the server can decrypt, and that, in theory, only the authorized user could have generated. Much like an authentication
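The knock the original post proposes, as an added example that is not code from the thread: a fixed-size UDP datagram carrying a timestamp and a nonce, authenticated with an HMAC under a per-client pre-shared key, and a server that never answers, valid or not. The HMAC stands in for the "encrypted" payload in the proposal (the contents are trivial, so what the server needs is proof of origin rather than secrecy). The pre-shared key, client id, addresses and clock values are constructed. The code that runs on unauthenticated input is a length check and one HMAC verification; timestamp and nonce are only interpreted after the MAC passes, which is as far as this example can go towards the objection in the thread that the knock parser is itself attack surface.

```python
# Added example, not code from the thread: a single-datagram "knock" verifier.
# Layout (61 bytes, fixed):
#   version(1) | client_id(4) | unix_time(8) | nonce(16) | HMAC-SHA256(32)
# Anything of another length is dropped unread.  The server sends nothing back.
import hashlib
import hmac
import os
import struct
import time

VERSION = 1
HEADER = struct.Struct("!B4sQ16s")     # fields covered by the MAC
KNOCK_LEN = HEADER.size + 32           # 29 + 32
MAX_SKEW = 30                          # seconds of clock skew tolerated
OPEN_FOR = 30                          # seconds the real port stays reachable


def make_knock(psk, client_id, now=None, nonce=None):
    """Client side: build the datagram to send to the pre-shared UDP port."""
    now = int(time.time()) if now is None else now
    nonce = os.urandom(16) if nonce is None else nonce
    body = HEADER.pack(VERSION, client_id, now, nonce)
    return body + hmac.new(psk, body, hashlib.sha256).digest()


class KnockServer:
    def __init__(self, psks):
        self.psks = psks      # {client_id: pre-shared key} (constructed in the test)
        self.seen = {}        # nonce -> expiry, replay cache
        self.opened = {}      # src_ip -> expiry; a real deployment would drive
                              # a firewall rule for port 22 from this table

    def handle(self, src_ip, datagram, now=None):
        """Return True if the knock is valid and port 22 is now open for src_ip.
        Every failure path is silent: no response, no error, no log line
        distinguishable from the outside."""
        now = int(time.time()) if now is None else now
        # 1. Exact size before any field is looked at.
        if len(datagram) != KNOCK_LEN:
            return False
        body, tag = datagram[:HEADER.size], datagram[HEADER.size:]
        version, client_id, ts, nonce = HEADER.unpack(body)
        if version != VERSION:
            return False
        psk = self.psks.get(client_id)
        if psk is None:
            return False
        # 2. Constant-time MAC check before trusting timestamp or nonce.
        expect = hmac.new(psk, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expect):
            return False
        # 3. Freshness (stale or future-dated knocks), then replay.
        if abs(now - ts) > MAX_SKEW:
            return False
        self._expire(now)
        if nonce in self.seen:
            return False
        # Keep the nonce until the timestamp check alone would reject a replay.
        self.seen[nonce] = now + 2 * MAX_SKEW
        self.opened[src_ip] = now + OPEN_FOR
        return True

    def is_open(self, src_ip, now=None):
        now = int(time.time()) if now is None else now
        return self.opened.get(src_ip, 0) > now

    def _expire(self, now):
        self.seen = {n: e for n, e in self.seen.items() if e > now}
        self.opened = {ip: e for ip, e in self.opened.items() if e > now}
```

The `opened` table is where an actual deployment would insert and later remove a firewall rule admitting the source address to port 22; that, and the socket the datagrams arrive on, are not shown. Note also what this does and does not buy: a valid knock still only opens the door to the regular sshd authentication, and the pre-shared key is a second secret to distribute and rotate, which is the "why not just use key authentication" point made in the thread.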