Neal Murphy wrote:
The point is to reduce brute-forace attacks to the point of nearly total
ineffectiveness.
I use OpenSSH public/private key authentication to achieve this. Based on needs one could
also use two factor authentication (e.g. one time password tokens) or even a combination
of
Neal Murphy said:
The point is to obscure the ssh server from everyone, including those
who
are authorized to access it remotely.
You're right, this is just the old idea of security by obscurity.
The point is to reduce brute-forace attacks to the point of nearly total
ineffectiveness. The
On Mon, Mar 13, 2006 at 11:06:38PM -0500, Neal Murphy wrote:
The point is to obscure the ssh server from everyone, including those who are
authorized to access it remotely. The point is to reduce brute-forace attacks
to the point of nearly total ineffectiveness.
No more so than simply
On Monday 13 March 2006 01:24, fgeek wrote:
Hello,
once in a while (say, every two weeks) I get a brute-force
login/password scan attempt in my server (i.e., a single ip tries
dictionary account names and passwords at random). SSH access is
needed by many users, and (RSA/DSA key)-only
On Mon, Mar 13, 2006 at 03:19:30AM -0500, Neal Murphy wrote:
[...]
My idea is akin to a monastery that has no visible way in or out. If someone
wants in, he has to know where to knock, using the Super Secret Squirrel
coded knock. Then he has to wait a bit before he tries to pass his
* Neal Murphy [EMAIL PROTECTED] [2006-03-13 03:19 -0500]:
Consider:
[...]
Sounds like putting http://ingles.homeunix.org/software/ost/
into ssh(d).
Nicolas
--
http://www.rachinsky.de/nicolas
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact
Hi Guys,
[...]
I use fail2ban and I'm very happy with it.
Just my 2 cents, regards,
johannes
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
On Mon, Mar 13, 2006 at 03:19:30AM -0500, Neal Murphy wrote:
It seems kind-of counterproductive to set up SSH for secure access, then
advertise to the universe that it's there. Thus my idea:
Consider:
- sshd listens on a pre-shared UDP port for 'a knock on the door',
specifically a
On Monday 13 March 2006 09:38, [EMAIL PROTECTED] wrote:
On Mon, Mar 13, 2006 at 03:19:30AM -0500, Neal Murphy wrote:
It seems kind-of counterproductive to set up SSH for secure access, then
advertise to the universe that it's there. Thus my idea:
Consider:
- sshd listens on a
On Mon, Mar 13, 2006 at 03:03:24PM -0500, Neal Murphy wrote:
The idea is to present information to the server that only the server can
decrypt, and that, in theory, only the authorized user could have generated.
Much like an authentication system. What's the point of all this over
just
On Monday 13 March 2006 20:07, Michael Stone wrote:
On Mon, Mar 13, 2006 at 03:03:24PM -0500, Neal Murphy wrote:
The idea is to present information to the server that only the server can
decrypt, and that, in theory, only the authorized user could have
generated.
Much like an authentication
11 matches
Mail list logo