In the last episode (May 09), [EMAIL PROTECTED] said: > I would suggest using ssh with RSA key pairs and passphrases only. > Dont allow password based login or root login over ssh. Only allow > root to login using the console and use sudo for all admin tasks. > > I have not tried this myself but you could use tcpwrappers and write > a script to add the IP address from repeated failed messages to the > hosts.deny file. There are various scripts already written to do > this. A quick goggle search found this > http://security.linux.com/article.pl?sid=05/09/15/1655234 (its about > linux but I am sure the same approach applies to FreeBSD.)
Some more links on securing ssh from password attacks: http://la-samhna.de/library/brutessh.html http://bsdwiki.com/wiki/Blocking_repeated_failed_login_attempts_via_SSH -- Dan Nelson [EMAIL PROTECTED] _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
