a GOOD idea to harden OpenSSH!

I'm writing here, because the ssh dev list says: Mail Delivery Status Notification (Delay) [Status: Error, Address: openssh-unix-...@mindrot.org, ResponseCode 451, Temporary failure, please try again later.] So: What is you're opinion about the next idea? Please write down ++/-- thoughts:

Re: a GOOD idea to harden OpenSSH!

Isn't limiting the number of retries obtaining the same result? I mean, limiting the number of retries to 5 and having to wait for 10 seconds after five failed attempts will have the same outcome without the hassle, IMO. On Tue, 29 Mar 2011 22:58:53 -0700 nagygabor88 nagygabo...@zoho.com wrote:

Re: a GOOD idea to harden OpenSSH!

IMHO it is absolutelly useless, objections are: 1. You can limit connections using firewall. 2. You already have the feature by name limiting the number of retries 3. If you really want PROTECTION - you should turn off password authentication completelly and use RSA key with passphrase. On Wed,

Re: a GOOD idea to harden OpenSSH!

Don't reinvent wheel http://home.nuug.no/~peter/pf/en/bruteforce.html On Wed, Mar 30, 2011 at 7:58 AM, nagygabor88 nagygabo...@zoho.com wrote: I'm writing here, because the ssh dev list says: Mail Delivery Status Notification (Delay) [Status: Error, Address: openssh-unix-...@mindrot.org,

Re: a GOOD idea to harden OpenSSH!

On Wed, Mar 30, 2011 at 10:06:14AM +0300, Gregory Edigarov wrote: IMHO it is absolutelly useless, objections are: 1. You can limit connections using firewall. 2. You already have the feature by name limiting the number of retries 3. If you really want PROTECTION - you should turn off password

Re: sil3512 PCMCIA eSATA card not configured

We don't support pciide at cardbus yet. The cardbus code ideally needs to be folded into the pci code, this would solve these kinds of problems but is quite painful to do. On Wed, Mar 30, 2011 at 02:30:10AM +0100, iproudlyeat...@gmail.com wrote: I have a Delock 2xeSATA PCMCIA card that isn't

Re: a GOOD idea to harden OpenSSH!

On Wed, Mar 30, 2011 at 03:00:18PM +0700, Edho P Arief wrote: On Wed, Mar 30, 2011 at 2:22 PM, Alexander Schrijver alexander.schrij...@gmail.com wrote: It's a great way to keep someone out of their own system. Unless you enable root login... How does that help?

Re: MAXDSIZ

currently not but this machine will be a DB server (Postgresql + Mysql) and it was aksed if we could go beyond the 8G. In any case, for now, if I can address 8G physical memory is fine. Thanks for your feedback Tony On Mon, Mar 28, 2011 at 6:59 PM, Ted Unangst ted.unan...@gmail.com wrote:

Re: a GOOD idea to harden OpenSSH!

On 30 March 2011 20:22, Alexander Schrijver alexander.schrij...@gmail.com wrote: On Wed, Mar 30, 2011 at 10:06:14AM +0300, Gregory Edigarov wrote: IMHO it is absolutelly useless, objections are: 1. You can limit connections using firewall. 2. You already have the feature by name limiting the

Re: a GOOD idea to harden OpenSSH!

On Wed, Mar 30, 2011 at 3:11 PM, Alexander Schrijver alexander.schrij...@gmail.com wrote: On Wed, Mar 30, 2011 at 03:00:18PM +0700, Edho P Arief wrote: On Wed, Mar 30, 2011 at 2:22 PM, Alexander Schrijver alexander.schrij...@gmail.com wrote: It's a great way to keep someone out of their own

Re: a GOOD idea to harden OpenSSH!

On Wed, 30 Mar 2011 09:22:44 +0200, Alexander Schrijver alexander.schrij...@gmail.com wrote: On Wed, Mar 30, 2011 at 10:06:14AM +0300, Gregory Edigarov wrote: IMHO it is absolutelly useless, objections are: 1. You can limit connections using firewall. 2. You already have the feature by name

Re: a GOOD idea to harden OpenSSH!

On Wed, Mar 30, 2011 at 2:22 PM, Alexander Schrijver alexander.schrij...@gmail.com wrote: It's a great way to keep someone out of their own system. Unless you enable root login...

Re: [darkice] Re: Build darkice on OpenBSD 4.8

Anybody there was able to compile darkice on OpenBSD 4.8 or -current ? On Tue, Mar 29, 2011 at 4:47 PM, Evgeniy Sudyr eject.in...@gmail.comwrote: I got source from anoncvs and then added include to .cpp files #include /usr/src/usr.sbin/nsd/compat/pselect.c now I'm getting next error:

Re: MAXDSIZ

2011/3/30 Tony Berth tonybe...@googlemail.com currently not but this machine will be a DB server (Postgresql + Mysql) and it was aksed if we could go beyond the 8G. In any case, for now, if I can address 8G physical memory is fine. ..which you cant. -- To our sweethearts and wives. May

WSI presenta: Congreso de Marketing Digital,Tendencias, Realidad Aumentada y más este 11 de abril Cd. de México

[IMAGE] Wsi y Pms Capacitacisn Efectiva de Mixico presentan: Congreso Nacional Internet Marketing Evolution este 11 de abril Ciudad de Mixico. Digital Marketing, Social Media, Search Engine Optimization, Realidad Aumentada y mas Empresa Registrada ante la STPS Reg. COLG640205CP30005 Smguenos

Re: Performance degradation after upgrade

Ok, now we have been doing some testing and probably found the problem. All tests were done on the same machine with an Intel S5000VSA MB and a Xeon E5420 2,5 Ghz processor, running OpenBSD 4.8 amd64 GENERIC (SP kernel). We tested the performance with iperf, running two clients connected through

Re: MAXDSIZ

I can't??? So the limit of 4G physical memory still exists? And why was this statement made from 4.4 release? Thanks On Wed, Mar 30, 2011 at 12:39 PM, Janne Johansson icepic...@gmail.comwrote: 2011/3/30 Tony Berth tonybe...@googlemail.com currently not but this machine will be a DB server

Re: Performance degradation after upgrade

Could you donate a dual port card to the project if you replace them? I would like to figure out why some em(4) perform badly while the same chip on a different card seems to perform as expected. Can you provide the vmstat -zi output of the 4 port card? I wonder how the interrupts are shared on

Re: MAXDSIZ

On Wed, Mar 30, 2011 at 01:22:19PM +0200, Tony Berth wrote: I can't??? So the limit of 4G physical memory still exists? And why was this statement made from 4.4 release? Yes, the limit still exists. Work on that is progressing, but slowly. I don't think 4.4 was shipped with bigmem enabled. CVS

Curso de Nominas 2011

Marzo 2011 Curso de Nominas 2011 VisiC3n Humana (ConsultorC-a en Recursos Humanos) tiene el agrado de invitarlo al Curso de NC3minas 2011 que se llevarC! a cabo en el mes de Abril de 2011. OBJETIVO: Conocer las disposiciones legales y procedimientos para realizar al correcto cC!lculo de una

Re: MAXDSIZ

On Wed, Mar 30, 2011 at 01:22:19PM +0200, Tony Berth wrote: I can't??? So the limit of 4G physical memory still exists? And why was this statement made from 4.4 release? physical vs virtual memory, as has been explained already it's no longer 1950; we've got this thing called swap Thanks

Network card EM not recognized

Hello, I am having problems with some network card on 2 appliances that i just bought. Indeed, two network card (82575EB chipset) are not recognized correctly. I get the following error message : /em0 at pci2 dev 0 function 0 Intel PRO/1000 PT (82575EB) rev 0x02: cannot find i/o space em1 at pci2

Re: MAXDSIZ

On 03/30/11 05:21, Tony Berth wrote: I can't??? So the limit of 4G physical memory still exists? And why was this statement made from 4.4 release? Worse, an amd64 kernel looking at 8GB of real, physical ram only makes a wee bit under 3GB available. OpenBSD 4.9-current (GENERIC.MP) #852: Sun

LAST day to take advantage of our 5 for 4 Offer

Please click here if the e-mail below is not displayed correctly Cast in Style www.castinstyle.co.uk Beautiful Cast Iron Home and Garden Ware IT'S THE LAST DAY TO TAKE ADVANTAGE - ENDS TOMORROW For the whole of March we are giving away FREE products. Buy 5 of anything you like on our web site

Dear,misc: 善用Voip網絡加強業務告訴發展!

Having problems viewing this email? Please click here.For enquiry, please send email to powert...@epromotion.com.hk eg!f3i1h.d;%d8ge'e.9oh+f f-$.ef d;;d=f%h)h+i;i5h3 powert...@epromotion.com.hk eff(d8 f3e f6e0fegd?!d;6oh+fih#ie.

Re: sil3512 PCMCIA eSATA card not configured

On 30 March 2011 09:06, Jonathan Gray j...@goblin.cx wrote: We don't support pciide at cardbus yet. The cardbus code ideally needs to be folded into the pci code, this would solve these kinds of problems but is quite painful to do. Would an expresscard work?

Re: MAXDSIZ

I have loaded the machine with processes and I think it consumed slightly more than 4G physical, running 3 compiles at once. OpenBSD userland (make -j4) + Clang/LLVM (make -j4) + ITK (make -j4). I was checking with top -s3 -1. OpenBSD just returns kernel page memory very very quickly, so it is

Re: MAXDSIZ

On Wed, 30 Mar 2011 13:15:10 -0500 Amit Kulkarni amitk...@gmail.com wrote: OpenBSD just returns kernel page memory very very quickly, so it is difficult for it to consume more :). But seriously, after this compile, kernel was holding onto some memory. At idle (after compilation) it was an

Re: MAXDSIZ

On 2011-03-30 17.48, Jeff Ross wrote: On 03/30/11 05:21, Tony Berth wrote: I can't??? So the limit of 4G physical memory still exists? And why was this statement made from 4.4 release? Worse, an amd64 kernel looking at 8GB of real, physical ram only makes a wee bit under 3GB available.

OpenBSD Torrents - Tracker + Seed Hosting Needed

I currently run the OpenBSD torrent tracker at http://openbsd.somedomain.net as well as the primary seeder but due to external circumstances I am no longer able to continue hosting it. I am looking for someone interested and able to take this over. I am more than happy to help with

Re: MAXDSIZ

On Wed, 30 Mar 2011 22:12:56 +0200 Benny Lofgren bl-li...@lofgren.biz wrote: On 2011-03-30 17.48, Jeff Ross wrote: On 03/30/11 05:21, Tony Berth wrote: Worse, an amd64 kernel looking at 8GB of real, physical ram only makes a wee bit under 3GB available. real mem = 3220111360 (3070MB)

Re: sil3512 PCMCIA eSATA card not configured

On Wed, Mar 30, 2011 at 06:05:42PM +0100, iproudlyeat...@gmail.com wrote: On 30 March 2011 09:06, Jonathan Gray j...@goblin.cx wrote: We don't support pciide at cardbus yet. The cardbus code ideally needs to be folded into the pci code, this would solve these kinds of problems but is quite

Re: MAXDSIZ

OpenBSD just returns kernel page memory very very quickly, so it is difficult for it to consume more :). But seriously, after this compile, kernel was holding onto some memory. At idle (after compilation) it was an excess of 300-500M more, instead of 1-1.3G, it was around 1.7G. Opensolaris

Re: MAXDSIZ

* Amit Kulkarni amitk...@gmail.com [2011-03-30 23:19]: Might be okay for high physical memory machines but not low. I remember Opensolaris also filled out bufcache for ZFS, which was a bloated pig. and ClaimsToBeOpen-Solaris' bufcache allocation strategies have exactly what to do with

Re: MAXDSIZ

Nothing directly, just observing a comparison of default choice. OpenBSD opts for one strategy (bufcache = 10%) and Opensolaris opts for another (bufcache close to 100%). * Amit Kulkarni amitk...@gmail.com [2011-03-30 23:19]: Might be okay for high physical memory machines but not low. I

Re: MAXDSIZ

* Amit Kulkarni amitk...@gmail.com [2011-03-31 00:45]: Nothing directly, just observing a comparison of default choice. OpenBSD opts for one strategy (bufcache = 10%) and Opensolaris opts for another (bufcache close to 100%). you are wrong. -- Henning Brauer, h...@bsws.de,

Julio mes de la Secretaria, lV Convención Playa del Carmen 2011

[IMAGE] Pms Capacitacisn Efectiva de Mixico le presenta este programa: Convencisn Nacional Secretarmas Ejecutivas y Asistentes 2011 22-23 de Julio, Playa del Carmen Exclusivas conferencias presentadas por 3 Expertos Expositores Empresa Registrada ante la STPS Reg. COLG640205CP30005 Smguenos

Re: MAXDSIZ

* Amit Kulkarni amitk...@gmail.com [2011-03-31 01:09]: On Wed, Mar 30, 2011 at 5:47 PM, Henning Brauer lists-open...@bsws.de wrote: * Amit Kulkarni amitk...@gmail.com [2011-03-31 00:45]: Nothing directly, just observing a comparison of default choice. OpenBSD opts for one strategy (bufcache

Re: MAXDSIZ

On 03/30/11 19:18, Henning Brauer wrote: * Amit Kulkarniamitk...@gmail.com [2011-03-31 01:09]: On Wed, Mar 30, 2011 at 5:47 PM, Henning Brauerlists-open...@bsws.de wrote: * Amit Kulkarniamitk...@gmail.com [2011-03-31 00:45]: Nothing directly, just observing a comparison of default choice.

Re: MAXDSIZ

* Scott McEachern sc...@blackstaff.ca [2011-03-31 01:26]: And what are we readers to wait for, anyway? the bump. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers,

Re: MAXDSIZ

On 3/30/11 7:23 PM, Scott McEachern wrote: On 03/30/11 19:18, Henning Brauer wrote: * Amit Kulkarniamitk...@gmail.com [2011-03-31 01:09]: On Wed, Mar 30, 2011 at 5:47 PM, Henning Brauerlists-open...@bsws.de wrote: * Amit Kulkarniamitk...@gmail.com [2011-03-31 00:45]: Nothing directly, just

Re: MAXDSIZ

where? please educate me. On Wed, Mar 30, 2011 at 5:47 PM, Henning Brauer lists-open...@bsws.de wrote: * Amit Kulkarni amitk...@gmail.com [2011-03-31 00:45]: Nothing directly, just observing a comparison of default choice. OpenBSD opts for one strategy (bufcache = 10%) and Opensolaris opts

Re: Performance degradation after upgrade

2011/3/30 Peter Hallin peter.hal...@ldc.lu.se Ok, now we have been doing some testing and probably found the problem. All tests were done on the same machine with an Intel S5000VSA MB and a Xeon E5420 2,5 Ghz processor, running OpenBSD 4.8 amd64 GENERIC (SP kernel). We tested the

Re: MAXDSIZ

Henning, Hey you guys are going to bump up the default and enable bigmem as default too? :) Is it scheduled for this hackathon? Daniel, Thanks, I will look into that. Undeadly is good. OK, I may be way off track and totally wrong here, but isn't that worked Bob did may be two hacketon

Facture N� 18965874

[IMAGE] Chers clients ! --- Pour la Nouvelle security de 2011 , Nous avons recemment examine votre compte et nous avons besoin de plus d'informations sur votre entreprise pour nous permettre de fournir un service ininterrompu. Jusqu a ce que nous pouvons recueillir cette information,

Re: MAXDSIZ

If you use real hardware bigmen is default. On Wed, 30 Mar 2011 19:57 -0500, Amit Kulkarni amitk...@gmail.com wrote: Henning, Hey you guys are going to bump up the default and enable bigmem as default too? :) Is it scheduled for this hackathon? Daniel, Thanks, I will look into that.