Hi, > > I seem to be subjected to a dictionary attack. > > It's been going on for several months now. Must be some kind of worm > out there, but it's harmless provided you take some precautions. I didn't think it was that serious. In all the time I've run linux systems, I've had one intrusion and that was down to me leaving (effectively) a back door the size of a house open (I was younger at the time!) > > Should I be overly worried? I've closed ssh on my router, so that's one > > line of defence in the way :-) > > > > And that probably covers it all. If you need ssh enabled on an > internet connected host, I would recommend at least one, maybe all of > the following: > > 1) Allow rsa key logins only. > 2) Restrict by IP address, if possible. > 3) Restrict by username if possible. > 4) Run sshd on a port other than 22. > 5) Use port knocking if you are really paranoid. (Though that hasn't > had enough field testing to trust it as the only security measure, > for sure.) Is there a simple to follow howto on all of these? TTFN Paul -- "He's not the Messiah, he's a very naughty boy!" - Life of Brian, Monty Python
Attachment:
signature.asc
Description: This is a digitally signed message part