At 04:12 PM 10/2/2005, Daniel Gerzo wrote:

>very nice is to use AllowUsers in form of [EMAIL PROTECTED]

If you can get away with it, absolutely. Same with the RSA keys.
Of course, the problem is that if you need to get access in an
emergency from who-knows-where, you're pretty much stuck with
passwords unless you have a token system or a one time password
system (e.g. S/Key). (Which reminds me: Anyone have a good S/Key
implementation for the Palm Pilot?)

>> We also have a log monitor
>> that watches the logs (/var/log/auth.log in particular) and 
>> blackholes hosts that seem to be trying to break in via SSH.
>
>I wrote a similar script. It's also in ports under
>security/bruteforceblocker

The system we're using is the general purpose log monitor I
described at BSDCon in San Francisco. It's written in SNOBOL4
and has nice features like amnesty and rate limiting.

--Brett

_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
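
A minimal sketch of the kind of log monitor discussed in this message, added here as an example; it is not the SNOBOL4 monitor described above and not the code of security/bruteforceblocker. The thresholds, the reading of "rate limiting" (block only after several failures inside a short window) and "amnesty" (release a block after a fixed time), the function names, and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed policy values (not taken from the original message).
MAX_FAILURES = 3   # failures tolerated inside WINDOW before a host is blocked
WINDOW = 60        # seconds over which failures are counted (rate limiting)
AMNESTY = 600      # seconds after which a blocked host is released
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:(?:invalid|illegal) user )?\S+ from (\S+)")

# Constructed sample in /var/log/auth.log style; addresses are documentation ranges.
SAMPLE = [
    "Oct  2 16:12:01 gw sshd[411]: Failed password for root from 192.0.2.10 port 4021 ssh2",
    "Oct  2 16:12:03 gw sshd[412]: Failed password for illegal user admin from 192.0.2.10 port 4022 ssh2",
    "Oct  2 16:12:04 gw sshd[413]: Failed password for alice from 198.51.100.7 port 5100 ssh2",
    "Oct  2 16:12:05 gw sshd[414]: Failed password for illegal user test from 192.0.2.10 port 4023 ssh2",
    "Oct  2 16:13:30 gw sshd[415]: Accepted publickey for alice from 198.51.100.7 port 5101 ssh2",
    "Oct  2 16:22:06 gw sshd[416]: Failed password for root from 198.51.100.7 port 5102 ssh2",
]

def timestamp(line, year=2005):
    """Seconds since the start of `year`; syslog lines carry no year of their own."""
    dt = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
    return (dt - datetime(year, 1, 1)).total_seconds()

def monitor(lines):
    """Return ("block", ip) / ("unblock", ip) decisions in log order.
    Enforcement (routing table, packet filter) is left to the caller."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside WINDOW
    blocked = {}                  # ip -> time the block was imposed
    actions = []
    for line in lines:
        now = timestamp(line)
        # Amnesty: every log line advances the clock and may release old blocks.
        for ip in [ip for ip, since in blocked.items() if now - since >= AMNESTY]:
            del blocked[ip]
            actions.append(("unblock", ip))
        m = FAILED.search(line)
        if not m or m.group(1) in blocked:
            continue
        ip, q = m.group(1), recent[m.group(1)]
        q.append(now)
        while now - q[0] > WINDOW:   # drop failures that fell out of the window
            q.popleft()
        if len(q) >= MAX_FAILURES:
            blocked[ip] = now
            q.clear()
            actions.append(("block", ip))
    return actions
```

On the sample, 192.0.2.10 is blocked after its third failure in four seconds and released by the first log line seen after the amnesty period, while the two widely spaced failures from 198.51.100.7 never trigger a block.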
