Thank you jiggim, you are right.
This time I had understood this before you told me, but I understand from what I had written one could be in doubt.
a) I have enforced no password login, only with key
b) It bothers me to see so many Chinese ip trying to get in.
c) I am quit disappointed in sshguard failing to ban these.
d) It could in the further be found a critical security bug in OpenSSH, if these Chinese ip where blocked buy pf, they would not reach OpenSSH.
e) You are right in Theory, 100 % secure with key, but I think in reality bugs exist, and therefor it would be better if attacker where stopped at the firewall, rather then the service.
|