On Wed, 30 Mar 2011 09:22:44 +0200, Alexander Schrijver <alexander.schrij...@gmail.com> wrote:
> On Wed, Mar 30, 2011 at 10:06:14AM +0300, Gregory Edigarov wrote:
>> IMHO it is absolutely useless, objections are:
>> 1. You can limit connections using firewall.
>> 2. You already have the feature by name "limiting the number of retries"
>> 3. If you really want PROTECTION - you should turn off password authentication completely and use RSA key with passphrase.
>>
>> On Wed, 30 Mar 2011 09:54:06 +0300
>> Mihai Militaru <mihai.milit...@xmpp.ro> wrote:
>
> It's a great way to keep someone out of their own system.
Obviously, if you do limit the number of connections using pf(4) (or some other firewall), you should maintain a whitelist of "good" IPs who are always allowed to connect. I myself protect my servers' tcp/22 with pf(4) and I do maintain a whitelist. It contains the IP of my default gateway and one more IP from a trusted network. That way, I can't lock myself out. Besides, if you have remote servers, you should have out-of-band management (that is: a serial console!). If you don't, well then, Amateur I say!

Cheers,
Marian
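The setup Marian describes, as an added pf.conf example that is not the poster's own configuration: a persistent table of trusted addresses matched with "quick" before the rate-limited rule, so those hosts are never counted toward the overload threshold and can never end up in the blocked table. The two addresses in <trusted> are constructed placeholders (RFC 5737 documentation ranges) standing in for "the default gateway" and "one IP from a trusted network"; the interface group "egress" and the thresholds are assumptions, not values from the thread.

```pf
# Constructed example, not the original poster's ruleset.
# Replace the addresses with your own gateway and trusted host.
table <trusted> persist { 192.0.2.1, 198.51.100.10 }
# Offenders are added here by the overload rule below; never put
# a trusted address in this table by hand.
table <bruteforce> persist

# 1. Drop known offenders first.
block in quick on egress proto tcp from <bruteforce> to any port ssh

# 2. Trusted hosts always get in and, thanks to "quick", never reach
#    rule 3, so they cannot trip the rate limit and lock you out.
pass in quick on egress proto tcp from <trusted> to (egress) port ssh \
    flags S/SA keep state

# 3. Everyone else: at most 10 simultaneous connections per source and
#    no more than 5 new connections per 30 seconds; exceeding either
#    puts the source into <bruteforce> and flushes its existing states.
pass in on egress proto tcp to (egress) port ssh flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 5/30, overload <bruteforce> flush global)
```

Load with `pfctl -f /etc/pf.conf` and inspect the offenders with `pfctl -t bruteforce -T show`. Entries in <bruteforce> never expire on their own; a periodic `pfctl -t bruteforce -T expire 86400` (e.g. from cron) drops entries older than a day. Because pf evaluates rules last-match-wins unless "quick" is set, the order above matters: moving the trusted rule below the rate-limited one would still let trusted hosts in, but they would then be counted by rule 3 and could be overloaded into the table.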