I have never been a fan of port knocking. Single Port Auth seems like a better idea to me.
The 0-day is actually a rumor. While OpenSSH has had its share of problems over the years, what this podcast is talking about are old OSs with old services. The compromised machines were running a very old version of ssh on old versions of CentOS (5.2). The lesson here is that you have to patch, regardless of the OS that you are using.

On Fri, Dec 2, 2011 at 3:38 PM, Royce Souther <[email protected]> wrote:
> If you watch TechSNAP it has more information.
> http://www.jupiterbroadcasting.com/14561/allans-zfs-server-build-techsnap-34/
>
> PKI may not be enough, I am thinking that port knocking to restrict access
> to port 22 is a good idea now.
>
> --
> Easy, fast GUI development.
> http://PerlQt.wikidot.com
>
> _______________________________________________
> clug-talk mailing list
> [email protected]
> http://clug.ca/mailman/listinfo/clug-talk_clug.ca
> Mailing List Guidelines (http://clug.ca/ml_guidelines.php)
> **Please remove these lines when replying

