[plug] firewalling ssh
hooker at iinet.net.au
Tue Jan 9 15:25:23 WST 2007
Quoting Adrian Woodley <Adrian at ScreamingRoot.org>:
> On Tue, 09 Jan 2007 09:42:16 +0900, Bernd Felsche
> <bernie at innovative.iinet.net.au> wrote:
>
> > It's a shared secret; just like a password. You can explain exactly
> > *how* it works so it's not obscurity that's the protection; it's the
> > port numbers and the sequence in which they're knocked.
>
> Yes, but most security experts would agree that access should be granted
> based on "something you have and something you know". In this case the
> something you have is your private ssh key and the something you know is the
> password to unlock it.
And the port sequence can also legitimately be viewed as "something you know".
So you need to know one thing to be allowed to authenticate, and a second to
actually succeed. Sounds more secure to me.
Hook