Amos Shapira wrote:
>
> Possible ways to handle:
>
> 1. Change port as others suggested - works great for me.
> 2. Make sure you can only authenticate using public/private keys.
> 3. Install "denyhosts", which adds attacking IP's to /etc/hosts.deny
> based on the sshd logs, also can synchronize info with other attacked
> hosts.
> 4. Use iptables to limit number of attempts from each IP.
> 5. Use iptables to slow down connections from attackers (target "TARPIT").
> 6. Install a honeypot and send the results to central sites which
> collect such info.

7. Open SSH port to the needed IP(s) only:
If you _don't_ need to SSH in from "the world", you can limit access
to the needed port based on the IP address, or a range of IPs. E.g:

    iptables -A INPUT -s $ALLOWED_IP_SSH -p TCP --dport $SSH_PORT -j ACCEPT

Boaz.

>
> That's all folks,
>
> --Amos
>
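An added example for item 7 (not part of the original thread): an ACCEPT rule for the allowed sources only restricts access if everything else reaching the SSH port is then dropped, either by a later rule or by the chain policy. The sketch below validates each source and prints the ACCEPT rules followed by that DROP, without applying anything; the function names are hypothetical and the addresses are constructed values from the documentation ranges.

```shell
#!/bin/sh
# valid_ipv4_cidr ADDR[/PREFIX]: succeed only for a well-formed IPv4 address or CIDR
valid_ipv4_cidr() {
    addr=${1%%/*}
    case $1 in */*) prefix=${1#*/} ;; *) prefix=32 ;; esac
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ ${#prefix} -le 2 ] && [ "$prefix" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    rest=$addr n=0
    while :; do                       # walk the dot-separated octets
        octet=${rest%%.*}
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
        n=$((n + 1))
        case $rest in *.*) rest=${rest#*.} ;; *) break ;; esac
    done
    [ "$n" -eq 4 ]
}

# ssh_allowlist_rules PORT SOURCE...: print one ACCEPT per source, then the DROP.
# Nothing is printed if any argument is invalid, so a partial rule set
# can never be piped into a shell.
ssh_allowlist_rules() {
    port=$1
    [ $# -ge 2 ] || { echo "usage: ssh_allowlist_rules PORT SOURCE..." >&2; return 1; }
    shift
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    [ ${#port} -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
        { echo "bad port: $port" >&2; return 1; }
    rules=
    for src in "$@"; do
        valid_ipv4_cidr "$src" || { echo "bad source: $src" >&2; return 1; }
        rules="${rules}iptables -A INPUT -s $src -p tcp --dport $port -j ACCEPT
"
    done
    # Without this final rule (or a DROP policy) the ACCEPTs restrict nothing.
    printf '%siptables -A INPUT -p tcp --dport %s -j DROP\n' "$rules" "$port"
}

# Constructed sample input: one admin host and one office range.
ssh_allowlist_rules 22 192.0.2.10 198.51.100.0/24
```

Because the rules are appended with -A, any earlier INPUT rule that already accepts the port still wins; check the existing chain with `iptables -L INPUT -n --line-numbers` before applying the output.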