On December 4, 2008, Christian Franke wrote:
> I just don't see what blocking ssh-bruteforce attempts should be good
> for, at least on a server where few _users_ are active.

Considering how much creative paranoia I've exposed in this thread it might come as a surprise, but I do agree with the above statement. Strong passwords (or key-only authentication) would prevent brute-force attacks from being successful. The only thing that is a semi-useful side effect is that you can identify compromised machines and deny ANY type of traffic from them, preventing possible DoS launched against you. But then IPs are so easy to spoof :)

Balance is what makes a sysadmin comfortable enough and doesn't compromise usability of the server, so everybody decides for themselves. OP obviously wants that "extra" layer of protection and notification, so with a bit of creativity and some external tools it's possible to achieve. As long as he doesn't forget about other aspects of security - he should do just fine with all those extra measures :)

--
Dmitry Makovey
Web Systems Administrator
Athabasca University
(780) 675-6245