Rudi Ahlers wrote:
Tim Alberts wrote:
So I setup ssh on a server so I could do some work from home and I
think the second I opened it every sorry monkey from around the world
has been trying every account name imaginable to get into the system.
What's a good way to deal with this?
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
1. Change the default port
I could do that, but if they already know about it, a simple port scan
and they'll probably find it again. Plus I gotta go tell all my client
programs the new port and I don't know how to do that on most of them
(what a hassle).
2. use only SSH protocol 2
got it.
3. Install some brute force protection which can automatically ban an
IP on say 5 / 10 failed login attempts
The only software I know that could do this isn't supported anymore
(trisentry) or is too confusing and I don't know it yet (snort).
Suggestions?
4. ONLY allow SSH access from your IP, if it's static. Or signup for a
DynDNS account, and then only allow SSH access from your DynDNS domain
Yeah my home account is on dynamic IP. I'd love to setup the firewall
to only allow my home computer. You're talking about these guys?
http://www.dyndns.com/ never used them before, but it looks like a good
idea. Especially since it's free (for 5 hosts) if I read correctly.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
