--- "Dan Mahoney, System Admin" <[EMAIL PROTECTED]>
wrote:

> Hey all,
> 
> I've looked around and found several linux-centric
> things designed to 
> block brute-force SSH attempts.  Anyone out there
> know of something a bit 
> more BSD savvy?
> 
> My best attempt will be to get this:
> 
>
http://www.csc.liv.ac.uk/~greg/sshdfilter/index_15.html
> 
> running and adapt it.
> 
> I've found a few things based on openBSD's pf, but
> that doesn't seem to be 
> the default in BSD either.
> 
> Any response appreciated.
> 
> -Dan
> 
> --
> 
> "Is Gushi a person or an entity?"
> "Yes"
> 
> -Bad Karma, August 25th 2001, Ezzi Computers,
> Quoting himself earler, referring to Gushi
> 
> --------Dan Mahoney--------
> Techie,  Sysadmin,  WebGeek
> Gushi on efnet/undernet IRC
> ICQ: 13735144   AIM: LarpGM
> Site:  http://www.gushi.org
> ---------------------------
> 

well you could pretty much eliminate the problem by
disabling password logins to sshd and only accepting
keyed logins. Then only a key will work.

Frequently changing the keys would ensure hackers
would have to want to get in REALLY bad in order to
gain unauthorized access by a brute force attempt.

Depending on how hosts login and their systems, you
could perhaps run a login script that regenerates keys
automatically and distributes them to the user every
so many days or whatever so the system appears
passwordless to them, and secure to the outside. This
may be more trouble then you are looking for though.

In reality using passwords with SSH kinda defeats the
purpose of SSH. 

-brian
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to