lars wrote: > Either you > 1 configure SSH to only allow logins from certain hostnames or > IP addresses or for certain users, and/or > > 2 install a program to watch your logfiles and modify > your firewall rules dynamically according to specified > triggers, > like /usr/ports/security/denyhosts, and/or > > 3 choose strong passwords or -phrases and not care
You forgot:
4 Use SSH key based auth exclusively. Turn off all of the password
stuff in sshd_config. Laugh at the poor fools trying to break in.
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
Kent, CT11 9PW
signature.asc
Description: OpenPGP digital signature
