Re: [CentOS] protecting multiuser systems from bruteforce ssh attacks

2009-08-21 Thread David G . Miller
Eugene Vilensky writes: > > Hello, > > What is the best way to protect multiuser systems from brute force > attacks? I am setting up a relatively loose DenyHosts policy, but I > like the idea of locking an account for a time if too many attempts > are made, but to balance this with keeping the

Re: [CentOS] protecting multiuser systems from bruteforce ssh attacks

2009-08-21 Thread J.Witvliet
-Original Message- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Eugene Vilensky Sent: Thursday, August 20, 2009 10:15 PM To: CentOS mailing list Subject: [CentOS] protecting multiuser systems from bruteforce ssh attacks Hello, What is the best way to

Re: [CentOS] protecting multiuser systems from bruteforce ssh attacks

2009-08-21 Thread Kai Schaetzl
Oliver Ransom wrote on Fri, 21 Aug 2009 11:12:35 +0930: > As an additional question to the above, would forcing users to log in > with SSH keys rather than passwords avoid requiring any anti brute > force attack measures to be put in place? Regarding SHH: yes. Nevertheless, you will want to h

Re: [CentOS] protecting multiuser systems from bruteforce ssh attacks

2009-08-20 Thread Oliver Ransom
On 21/08/2009, at 5:44 AM, Eugene Vilensky wrote: > Hello, > > What is the best way to protect multiuser systems from brute force > attacks? I am setting up a relatively loose DenyHosts policy, but I > like the idea of locking an account for a time if too many attempts > are made, but to balance

Re: [CentOS] protecting multiuser systems from bruteforce ssh attacks

2009-08-20 Thread Hodja Nasredin
Hi, fail2ban is good choice, not only for ssh. bye On 20.8.2009, at 23:31, Kai Schaetzl wrote: > Eugene Vilensky wrote on Thu, 20 Aug 2009 15:14:58 -0500: > >> What is the best way to protect multiuser systems from brute force >> attacks? I am setting up a relatively loose DenyHosts policy, bu

Re: [CentOS] protecting multiuser systems from bruteforce ssh attacks

2009-08-20 Thread Kai Schaetzl
Eugene Vilensky wrote on Thu, 20 Aug 2009 15:14:58 -0500: > What is the best way to protect multiuser systems from brute force > attacks? I am setting up a relatively loose DenyHosts policy, but I > like the idea of locking an account for a time if too many attempts > are made, but to balance thi

Re: [CentOS] protecting multiuser systems from bruteforce ssh attacks

2009-08-20 Thread Ron Loftin
On Thu, 2009-08-20 at 15:14 -0500, Eugene Vilensky wrote: > Hello, > > What is the best way to protect multiuser systems from brute force > attacks? I am setting up a relatively loose DenyHosts policy, but I > like the idea of locking an account for a time if too many attempts > are made, but to

[CentOS] protecting multiuser systems from bruteforce ssh attacks

2009-08-20 Thread Eugene Vilensky
Hello, What is the best way to protect multiuser systems from brute force attacks? I am setting up a relatively loose DenyHosts policy, but I like the idea of locking an account for a time if too many attempts are made, but to balance this with keeping the user from making a helpdesk call. What