
Re: [tor-relays] List of Relays' Available SSH Auth Methods



On Tue, Nov 18, 2014 at 10:09:37AM -0500, Libertas wrote:
> Hi, everyone. Linked below is a list of relays that were live last night
> along with the SSH authentication methods they support:
[snip]
> Generally, it is far more secure to allow only public key auth.

Nobody has mentioned using single packet authentication via fwknopd. I
get the warm fuzzies when one must pass this challenge before a
sensitive port is opened for your sourcing IP and for only X number of
seconds before it's closed. SPA has more to offer than simple port
knocking and there are plenty of client options available. Is there a
reason more relay operators aren't using it?

It also seems that fail2ban is more favored than csf although the
features of additional login notifications and some password brute force
protection are similar. Are there reasons that a person would favor one
over the other? I'd like to mention that it seems the brute force
protection doesn't offer a lot of protection if the attack is
distributed and only 1 attempt is ever seen from a given IP. Still
better than nothing and all simply an additional layer with single
packet authentication enabled.
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
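
The point above about distributed guessing, as an added example (not part of the original post, and not fail2ban or csf code): a per-source threshold modelled on fail2ban's `maxretry`/`findtime` settings is run over a constructed sshd log, next to a count of distinct failing sources per window. The simplified log format, the function names, the thresholds and the documentation-range addresses are all assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

TS = "%Y-%m-%d %H:%M:%S"  # simplified timestamp format (assumption)
FAIL = re.compile(r"^(\S+ \S+) sshd\[\d+\]: Failed password for "
                  r"(?:invalid user )?\S+ from (\S+) port \d+")

def parse(lines):
    """Return sorted (timestamp, source_ip) pairs for failed-password lines."""
    hits = (FAIL.match(line) for line in lines)
    return sorted((datetime.strptime(m.group(1), TS), m.group(2)) for m in hits if m)

def per_ip_bans(events, maxretry=5, findtime=timedelta(minutes=10)):
    """Sources with >= maxretry failures inside findtime (per-IP threshold)."""
    recent, banned = defaultdict(deque), set()
    for ts, ip in events:
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > findtime:
            q.popleft()
        if len(q) >= maxretry:
            banned.add(ip)
    return banned

def peak_distinct_sources(events, window=timedelta(minutes=10)):
    """Largest number of distinct failing sources seen within any one window."""
    q, counts, peak = deque(), defaultdict(int), 0
    for ts, ip in events:
        q.append((ts, ip))
        counts[ip] += 1
        while ts - q[0][0] > window:
            _, old = q.popleft()
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
        peak = max(peak, len(counts))
    return peak

def sample_log():
    """Constructed log: one noisy source, then 40 sources with one failure each."""
    t0 = datetime(2014, 11, 18, 10, 0, 0)
    line = "{} sshd[100]: Failed password for root from {} port 4000 ssh2"
    noisy = [line.format((t0 + timedelta(seconds=10 * i)).strftime(TS), "192.0.2.10")
             for i in range(6)]
    spread = [line.format((t0 + timedelta(minutes=30, seconds=5 * i)).strftime(TS),
                          f"198.51.100.{i + 1}") for i in range(40)]
    return noisy + spread
```

On the constructed log the per-IP rule bans only 192.0.2.10, while the distinct-source count peaks at 40, which is the signal a per-IP threshold never sees.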