On Tuesday 25 March 2008 12:55, Rudi Ahlers wrote:
> Tim Alberts wrote:
> > So I setup ssh on a server so I could do some work from home and I
> > think the second I opened it every sorry monkey from around the world
> > has been trying every account name imaginable to get into the system.
> >
> > What's a good way to deal with this?
> >
> > _______________________________________________
> > CentOS mailing list
> > CentOS@xxxxxxxxxx
> > http://lists.centos.org/mailman/listinfo/centos
>
> 1. Change the default port
Is an option but a waste of time as a scanner will find the port it was moved
to.
> 2. use only SSH protocol 2
Agree
> 3. Install some brute force protection which can automatically ban an IP
> on say 5 / 10 failed login attempts
Fail2ban comes to mind.
> 4. ONLY allow SSH access from your IP, if it's static. Or signup for a
> DynDNS account, and then only allow SSH access from your DynDNS domain
I would suggest using keys for logins. No password needed and if the
connecting machine doesn't have the key they don't get a chance to guess at
the password.
The idea of only allowing for strict ip address is good but what if you are on
the move? Now you cannot log in either, but if you are using a key no matter
where you are you have access.
--
Regards
Robert
Smile... it increases your face value!
Linux User #296285
http://counter.li.org
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
