Re: [CentOS] protecting multiuser systems from bruteforce ssh attacks

2009-08-21 Thread Kai Schaetzl
Oliver Ransom wrote on Fri, 21 Aug 2009 11:12:35 +0930: As an additional question to the above, would forcing users to log in with SSH keys rather than passwords avoid requiring any anti brute force attack measures to be put in place? Regarding SHH: yes. Nevertheless, you will want to

Re: [CentOS] protecting multiuser systems from bruteforce ssh attacks

2009-08-21 Thread J.Witvliet
-Original Message- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Eugene Vilensky Sent: Thursday, August 20, 2009 10:15 PM To: CentOS mailing list Subject: [CentOS] protecting multiuser systems from bruteforce ssh attacks Hello, What is the best way

Re: [CentOS] protecting multiuser systems from bruteforce ssh attacks

2009-08-21 Thread David G . Miller
Eugene Vilensky evilen...@... writes: Hello, What is the best way to protect multiuser systems from brute force attacks? I am setting up a relatively loose DenyHosts policy, but I like the idea of locking an account for a time if too many attempts are made, but to balance this with

[CentOS] protecting multiuser systems from bruteforce ssh attacks

2009-08-20 Thread Eugene Vilensky
Hello, What is the best way to protect multiuser systems from brute force attacks? I am setting up a relatively loose DenyHosts policy, but I like the idea of locking an account for a time if too many attempts are made, but to balance this with keeping the user from making a helpdesk call. What

Re: [CentOS] protecting multiuser systems from bruteforce ssh attacks

2009-08-20 Thread Ron Loftin
On Thu, 2009-08-20 at 15:14 -0500, Eugene Vilensky wrote: Hello, What is the best way to protect multiuser systems from brute force attacks? I am setting up a relatively loose DenyHosts policy, but I like the idea of locking an account for a time if too many attempts are made, but to

Re: [CentOS] protecting multiuser systems from bruteforce ssh attacks

2009-08-20 Thread Kai Schaetzl
Eugene Vilensky wrote on Thu, 20 Aug 2009 15:14:58 -0500: What is the best way to protect multiuser systems from brute force attacks? I am setting up a relatively loose DenyHosts policy, but I like the idea of locking an account for a time if too many attempts are made, but to balance this

Re: [CentOS] protecting multiuser systems from bruteforce ssh attacks

2009-08-20 Thread Hodja Nasredin
Hi, fail2ban is good choice, not only for ssh. bye On 20.8.2009, at 23:31, Kai Schaetzl wrote: Eugene Vilensky wrote on Thu, 20 Aug 2009 15:14:58 -0500: What is the best way to protect multiuser systems from brute force attacks? I am setting up a relatively loose DenyHosts policy, but I

Re: [CentOS] protecting multiuser systems from bruteforce ssh attacks

2009-08-20 Thread Oliver Ransom
On 21/08/2009, at 5:44 AM, Eugene Vilensky wrote: Hello, What is the best way to protect multiuser systems from brute force attacks? I am setting up a relatively loose DenyHosts policy, but I like the idea of locking an account for a time if too many attempts are made, but to balance this