> -----Original Message-----
> From: [email protected]
> Sent: Thu, 12 Nov 2009 00:49:00 +0100
> To: [email protected]
> Subject: Re: [Shorewall-users] counter SSH brute force attacks
>
> Jernej Simončič wrote:
>> On Tuesday, November 10, 2009, 13:05:47, Balogh László wrote:
>>
>>> Either match it onto a fixed ip endpoint, or implement
>>> an easy SSH based VPN like OpenVPN, and
>>> connect through VPN and then SSH through it.
>>
>> Why is SSH a greater risk than eg. OpenVPN?
>>
> First:
> Because it is username/password based.
> A 6-16 character password is easier to guess than a
> 1024-... kbyte encryption file.....

Username/password is one of the options of SSH, it is not essential as Tom pointed out earlier. Using the private/public keys is the main feature. Anyone trying to configure ssh properly should just read the "man sshd" pages thoroughly.. With only the keys enabled, no root login and strictmodes on, disabling the rest, I have yet to see someone try and get in on my end...

> Second:
> OpenVPN is much harder to crack with botnet
> bruteforce attacks, because one try takes much
> more time (seconds) than an SSH attempt
> (milliseconds)

Good complement but overkill for many out there..

> But I think that in combining the two together can
> you have better security.
>
>
> Laszlo Balogh

Regards,

--
Patrick Benson
Stockholm, Sweden
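
The setup described in the reply above (key authentication only, no root login, StrictModes on), as an added example that is not part of the original message: a Python check of sshd_config text against those settings. The keyword mapping for "disabling the rest", the default values and both sample configs are assumptions of this example.

```python
# Added example: audit sshd_config text for the key-only setup described above.
# Tuple = (required value, value assumed when the keyword is unset). Defaults are
# those of current OpenSSH; check sshd_config(5). Include files are not followed.
EXPECTED = {
    "pubkeyauthentication": ("yes", "yes"),
    "passwordauthentication": ("no", "yes"),
    "kbdinteractiveauthentication": ("no", "yes"),
    "permitrootlogin": ("no", "prohibit-password"),
    "strictmodes": ("yes", "yes"),
}
# Older keyword for the same option, as found in 2009-era configs.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def parse(text):
    """Return (global settings, settings found inside Match blocks)."""
    settings, overrides, in_match = {}, [], False
    for raw in text.splitlines():
        parts = raw.strip().replace("=", " ", 1).split()
        if not parts or parts[0].startswith("#"):
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())  # keywords ignore case
        value = parts[1].strip('"') if len(parts) > 1 else ""
        if key == "match":
            in_match = True
        elif in_match:
            overrides.append((key, value))
        else:
            settings.setdefault(key, value)  # sshd uses the first value it reads
    return settings, overrides

def audit(text):
    """Return findings; an empty list means the config matches EXPECTED."""
    settings, overrides = parse(text)
    findings = []
    for key, (want, default) in EXPECTED.items():
        got = settings.get(key, default)
        if got != want:
            origin = "set" if key in settings else "default"
            findings.append(f"{key}: {got} ({origin}), expected {want}")
    for key, value in overrides:
        if key in EXPECTED and value != EXPECTED[key][0]:
            findings.append(f"{key}: {value} in a Match block, expected {EXPECTED[key][0]}")
    return findings

# Constructed samples. In WEAK the trailing "no" is ignored: "yes" was read first.
HARDENED = ("PubkeyAuthentication yes\nPasswordAuthentication no\n"
            "ChallengeResponseAuthentication no\nPermitRootLogin no\nStrictModes yes\n")
WEAK = ("PermitRootLogin yes\nPasswordAuthentication yes\nPasswordAuthentication no\n"
        "Match Address 192.0.2.0/24\n    PasswordAuthentication yes\n")
if __name__ == "__main__":
    for name, cfg in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, audit(cfg) or "OK")
```

On a live host, the effective values can be compared against the output of `sshd -T`, which prints the configuration after defaults and includes are resolved.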
