Scott Harney wrote: Pardon my incredibly sloppy English. Trying to do too many things at once.
> Some of you running ssh on externally reachable have probably noticed
> numerous attempts in the past few months to log in to various accounts
> via ssh. This is apparently a brute force automated attack trying
> well-known account names, weak passwords, etc. One way to mitigate this
> is to make sure you're using strong passwords and changing them with
> some regularity. But can you be sure all your users are doing the same?
>
> If you can, you probably should limit ssh access to specific hosts,
> but this is often impossible and might not stop determined spoofing
> attacks. If you can, you should probably limit ssh authentication to
> using RSA/DSA keys instead of password-based login. See
> http://marc.theaimsgroup.com/?l=openbsd-misc&m=110367957829708&w=2 for
> info.
>
> You may still want to block attack attempts, though, and convince
> automated attack scripts to stop trying. Some OpenBSD folks posted
> scripts to check /var/log/authlog for attacks and add those IPs to a pf
> firewall filter table dynamically. Not all of my machines with a
> reachable ssh are OpenBSD but they all run tcp wrappers. So I modified
> those same scripts to dynamically add attack source IPs to
> /etc/hosts.deny . You can find more my script at
> http://www.scottharney.com/blog/2005/01/03#ssh_blocker_wrap-sh
>

--
Scott Harney <[EMAIL PROTECTED]>
"Asking the wrong questions is the leading cause of wrong answers"
gpg key fingerprint=7125 0BD3 8EC4 08D7 321D CEE9 F024 7DA6 0BC7 94E5
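
The approach described in the message (scan the auth log for failed ssh logins and emit /etc/hosts.deny entries), as an added example that is not the script linked from the post. The function names, the threshold argument and the syslog line layout are assumptions, and the sample log lines are constructed.

```shell
#!/bin/sh
# deny_candidates LOGFILE DENYFILE [THRESHOLD]
# Prints "sshd: IP" for every IPv4 source with at least THRESHOLD failed
# password logins in LOGFILE that DENYFILE does not already list.
# Assumed layout: "Mon DD HH:MM:SS host sshd[pid]: message" in the log and
# "sshd: IP" entries in the deny file. DENYFILE must exist (may be empty).
deny_candidates() {
    awk -v t="${3:-5}" '
        # DENYFILE is read first: remember addresses already denied for sshd.
        FILENAME == ARGV[1] { if ($1 == "sshd:") seen[$2] = 1; next }
        $5 ~ /^sshd\[[0-9]+\]:$/ && $6 == "Failed" && $7 == "password" &&
        $(NF - 4) == "from" && $(NF - 2) == "port" {
            # The user name is attacker-supplied, so take the address by
            # position from the end of the line, not the first "from".
            ip = $(NF - 3)
            # Strict dotted quad only: nothing else may reach hosts.deny.
            if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && !(ip in seen))
                count[ip]++
        }
        END { for (ip in count) if (count[ip] >= t) print "sshd: " ip }
    ' "$2" "$1" | sort
}

# Constructed sample data: 192.0.2.10 fails three times, 198.51.100.7 is
# already denied, and one user name embeds a forged "from 203.0.113.9".
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/authlog" <<'EOF'
Jan  3 04:12:01 gw sshd[311]: Failed password for root from 192.0.2.10 port 4022 ssh2
Jan  3 04:12:03 gw sshd[312]: Failed password for invalid user admin from 192.0.2.10 port 4023 ssh2
Jan  3 04:12:05 gw sshd[313]: Failed password for invalid user x from 203.0.113.9 port 1 ssh2 from 192.0.2.10 port 4024 ssh2
Jan  3 04:13:00 gw sshd[314]: Failed password for root from 198.51.100.7 port 5100 ssh2
Jan  3 04:13:02 gw sshd[315]: Failed password for root from 198.51.100.7 port 5101 ssh2
Jan  3 04:13:04 gw sshd[316]: Failed password for root from 198.51.100.7 port 5102 ssh2
Jan  3 04:14:00 gw sshd[317]: Accepted publickey for scott from 192.0.2.44 port 6000 ssh2
EOF
    printf 'sshd: 198.51.100.7\n' > "$dir/hosts.deny"
    deny_candidates "$dir/authlog" "$dir/hosts.deny" 3
    rm -rf "$dir"
}
```

The output is already in hosts.deny syntax, so it can be reviewed and then appended to /etc/hosts.deny.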
