If for some reason you would prefer to use password authentication, I
would recommend that you look into automatic brute force detection.
There are a number of utilities in ports available for this purpose,
including security/sshguard and security/denyhosts.


Good, but not really important with a properly chosen password.
You can't do more than maybe 10 attempts/second this way, while cracking a 10 character password consisting of just small letters and digits needs

36^10=3656158440062976 possible passwords, and over 11 million years to check all possibilities, so say 100000 years if someone is really lucky and gets it after checking 1% of the possible passwords.

Of course - you must not look at the logs in 100000 years and not see these 10 attempts per second.



I give this example against the common paranoia that exists on that group - a mix of real "security paranoid" persons and pseudo-experts that like to repeat "intelligent" phrases to show themselves off.

Actually - there is no need for extra protection for ssh, but for humans.

99% of crack attempts are done by "Kevin Mitnick" methods, not password cracking.
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
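
Added example, not part of the original thread and not code from sshguard or denyhosts: a sketch of the kind of per-source failed-login check the first message recommends, next to the keyspace arithmetic from the reply. It assumes the usual OpenSSH syslog "Failed password" line format; the log lines, addresses, thresholds and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (documentation-range addresses, not real data):
# 8 failures in 8 seconds from one source, 1 failure and 1 success from another.
SAMPLE_LOG = "\n".join(
    [f"Mar  3 04:10:{s:02d} host sshd[811]: Failed password for root "
     f"from 203.0.113.7 port 40112 ssh2" for s in range(8)]
    + ["Mar  3 04:12:00 host sshd[812]: Failed password for invalid user admin "
       "from 198.51.100.20 port 5022 ssh2",
       "Mar  3 09:30:00 host sshd[900]: Accepted publickey for alice "
       "from 198.51.100.20 port 5100 ssh2"])

FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

def failed_attempts(log_text, year=2024):
    """Return {source_ip: [datetime, ...]} for failed password logins.
    Syslog timestamps carry no year, so one is assumed."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            hits[m.group(2)].append(ts)
    return hits

def offenders(hits, max_failures=5, window=timedelta(seconds=60)):
    """Sources with more than max_failures failures inside any sliding window."""
    flagged = set()
    for ip, times in hits.items():
        times = sorted(times)
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1          # drop attempts older than the window
            if end - start + 1 > max_failures:
                flagged.add(ip)     # candidate for a firewall block
                break
    return flagged

def years_to_exhaust(alphabet=36, length=10, attempts_per_second=10):
    """Years to try every password of this shape at a fixed online guess rate."""
    return alphabet ** length / attempts_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    print("block candidates:", offenders(failed_attempts(SAMPLE_LOG)))
    print(f"full keyspace at 10/s: {years_to_exhaust():,.0f} years")
```
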
