On Sun, 18 Sep 2005, Brian Parish wrote:

> Yes, I see that on all our servers.  Not much more than an annoyance unless
> you have stupidly obvious passwords, but annoying for sure.  On customer
> servers that don't require access from everywhere and anywhere I just
> configure hosts.allow and hosts.deny to drop traffic from all but known
> addresses, but this is of course not an option for a webserver or whatever.
>
> There have been lots of discussions on various lists about handling these
> brute force ssh scripts, with various strategies for having iptables rules
> limit login attempts after three unsuccessful attempts, but I've seen as many
> "it didn't work for me" posts as "do it this way" and not being a firewall
> guru, I've sat on the fence so far.

Several strategies to increase security but it depends on how people
access the server. For example, if no one needs ssh access except you, you
could add a firewall rule that only allows access from your IP. Another
option is to generate a key and set up authentication via key - you can
then configure ssh to do only key authentication (this will stop the basic
brute-force password attacks right away).

For people who need scp/sftp (but not full shell access) you could set
their login shell to use rssh instead.

Many ways to skin a cat and all that...



-- 
gentoo-user@gentoo.org mailing list
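
A check for the key-only ssh setup suggested in the reply above, added here as an example and not part of the original message: it reads an sshd_config the way OpenSSH does (first value for a keyword wins, keywords are case-insensitive) and lists every path that would still accept a typed password. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an sshd_config for password-based logins.
# Assumptions: only the global section is read (parsing stops at the first
# Match block) and Include files are not followed.

# effective_value FILE KEYS DEFAULT
# KEYS is a lower-case, |-separated list of aliases for one option.
effective_value() {
    awk -v key="$2" -v def="$3" '
        { sub(/=/, " ") }                        # accept "Keyword=value" too
        /^[ \t]*#/ { next }                      # skip comment lines
        tolower($1) == "match" { exit }          # global section ends here
        tolower($1) ~ ("^(" key ")$") { print tolower($2); found = 1; exit }
        END { if (!found) print def }            # option unset: built-in default
    ' "$1"
}

# password_login_paths FILE
# Prints each method that can still take a typed password; returns 0 only
# when none is left. Both options default to "yes" when they are not set.
password_login_paths() {
    rc=0
    pw=$(effective_value "$1" 'passwordauthentication' yes)
    kbd=$(effective_value "$1" \
        'kbdinteractiveauthentication|challengeresponseauthentication' yes)
    if [ "$pw" != no ]; then echo "password"; rc=1; fi
    # keyboard-interactive is usually backed by PAM, which prompts for a password
    if [ "$kbd" != no ]; then echo "keyboard-interactive"; rc=1; fi
    return $rc
}

# Constructed sample: password auth is switched off (the later "yes" is
# ignored), but keyboard-interactive is left at its default.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config fragment
PubkeyAuthentication yes
passwordauthentication no
PasswordAuthentication yes
EOF
password_login_paths "$sample" || echo "not key-only yet"
rm -f "$sample"
```

On a live host, `sshd -T` prints the effective configuration as the daemon itself parses it and is the authoritative cross-check.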