[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-relays] List of Relays' Available SSH Auth Methods
On Tue, Nov 18, 2014 at 10:09:37AM -0500, Libertas wrote:
> Hi, everyone. Linked below is a list of relays that were live last night
> along with the SSH authentication methods they support:
[snip]
> Generally, it is far more secure to allow only public key auth.
Nobody has mentioned using single packet authentication via fwknopd. I
get the warm fuzzies when one must pass this this challenge before a
sensitive port is opened for your sourcing ip and for only X number of
seconds before it's closed. Spa has more to offer than simple port
knocking and there are plenty of client options available. Is there a
reason more relay operators aren't using it?
It also seems that fail2ban is more favored than csf although the
features of additional login notifications and some password brute force
protection are similar. Are there reasons that a person would favor one
over the other? I'd like to mention that it seems the brute force
protection doesn't offer a lot of protection if the attack is
distributed and only 1 attempt is ever seen from a given ip. Still
better than nothing and all simply an additional layer with single
packet authentication enabled.
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays