Re: SSH Brute Force attempts

From: mouss <mouss_at_netoyen.net>
Date: Sun, 05 Oct 2008 20:33:31 +0200
eculp wrote:
> Quoting sk_at_elegosoft.com:
> 
>> mornin'
>>
>>  Rich Healey wrote:
>>>> Recently I'm getting a lot of brute force attempts on my server; in the
>>>> past I've used various tips and tricks with Linux boxes but many of them
>>>> were fairly Linux specific.
>>
>>
>> disable password authentication OR use very strong passwords (24 chars)
>> OR use OTP
>>
>> if it is applicable you could limit access by hosts (from=)
>>
>> none of the above is Linux or BSD specific
>>
>> btw, software to delay login attempts could be tricked.
>>
>>> Personally I find that changing the port to anything other than 22 stops
>>> a lot of the skiddie brute force attacks.  That's not to say you
>>> shouldn't use something else as well, but it is something.
>>
>> it works for one of my servers too, but it is security by obscurity
> 
> It worked for me also, but in addition I have started accepting ssh from 
> only known IPs. I always have a server with a known IP that uses an 
> alternative port for ssh that I can access from, let's say, an internet 
> cafe or the like, and then triangle to the server that I'm really interested 
> in.  Hope that makes some sense.
> 

You can configure sshd to listen on two ports:
Port 22
Port 23456

then use pf (or another packet filter) to allow 22 from trusted hosts and the 
other port from anywhere (except maybe networks you don't "like").


If the OP was thinking about the "recent" module of iptables, then pf can do 
that too:
	http://www.bgnett.no/~peter/pf/en/bruteforce.html


If only a few users can ssh in, then it's worth creating a specific group and 
only allowing users in this group (AllowGroups).

A Google search will show enough stuff to keep you busy for a few days ;-p
Received on Sun Oct 05 2008 - 16:49:00 UTC
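The following is an added example, not code from the thread above. It puts the two-port sshd setup, the AllowGroups restriction and the pf rate-limiting rules from the linked page into one script, and adds a small audit function for the caveat people usually miss: sshd honours the *first* occurrence of a keyword, so a "PasswordAuthentication no" appended at the bottom of a config that already says "yes" higher up does nothing. The interface name em0, the trusted addresses 192.0.2.10 and 198.51.100.0/24, the group name sshusers and the rate limits are assumptions chosen for illustration; port 23456 is the one from the post.

```shell
#!/bin/sh
# Added example (not from the original thread). Assumes FreeBSD-style paths and
# a hypothetical admin group "sshusers"; adjust ext_if and the <trusted> table.

# sshd_config fragment: listen on 22 and 23456, allow only one group, and turn
# off password auth so a brute forcer has nothing to guess.
sshd_fragment() {
    cat <<'EOF'
Port 22
Port 23456
AllowGroups sshusers
PasswordAuthentication no
ChallengeResponseAuthentication no
PermitRootLogin no
EOF
}

# pf.conf fragment: 22 only from <trusted>, 23456 from anywhere but with a
# per-source connection-rate limit that drops offenders into <bruteforce>
# (same mechanism as the bgnett page linked above). Remember pf is
# last-match-wins, so the block needs "quick".
pf_fragment() {
    cat <<'EOF'
ext_if = "em0"
table <trusted> persist { 192.0.2.10, 198.51.100.0/24 }
table <bruteforce> persist
block in quick on $ext_if from <bruteforce>
pass in on $ext_if proto tcp from <trusted> to ($ext_if) port 22 flags S/SA keep state
pass in on $ext_if proto tcp to ($ext_if) port 23456 flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 3/30, overload <bruteforce> flush global)
EOF
}

# Effective value of one sshd keyword: first occurrence wins, comments and
# blank lines are skipped, and we stop at the first Match block because
# anything after it is conditional. ($1 = config file, $2 = keyword)
sshd_effective() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        { k = tolower($1) }
        k == "match" { exit }
        k == key { print $2; exit }
    ' "$1"
}

# All Port directives (unlike other keywords, every Port line counts).
sshd_ports() {
    awk '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "port"  { print $2 }
    ' "$1"
}

# Returns 0 when password auth is effectively off and logins are limited to
# a group; prints a finding and returns 1 otherwise.
audit_sshd_config() {
    cfg=$1; rc=0
    pw=$(sshd_effective "$cfg" PasswordAuthentication)
    # sshd's built-in default for PasswordAuthentication is yes.
    if [ "${pw:-yes}" != "no" ]; then
        echo "FAIL: effective PasswordAuthentication is '${pw:-unset (default yes)}'"
        rc=1
    fi
    if [ -z "$(sshd_effective "$cfg" AllowGroups)" ]; then
        echo "WARN: no AllowGroups restriction"
        rc=1
    fi
    echo "ports: $(sshd_ports "$cfg" | tr '\n' ' ')"
    return $rc
}

# Run as "sh thisfile.sh show" to print both fragments.
case "${1:-}" in
    show) sshd_fragment; echo; pf_fragment ;;
esac
```

Reload with `pfctl -f /etc/pf.conf` after merging the pf fragment, and run `sshd -t` before restarting sshd; the audit above only reads the file, it does not replace sshd's own parser.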

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:36 UTC