On Wednesday 27 February 2008, Remy Blank wrote:
> Steve wrote:
> > I'm one of the (many) people who has opportunists trying usernames
> > and passwords against SSH... while every effort has been made to
> > secure this service by configuration; strong passwords; no root
> > login remotely etc. I would still prefer to block sites using
> > obvious dictionary attacks against me.
>
> The best advice I can give is to use public key authentication only.
> This will defend against all dictionary-based attacks, which is what
> you describe.
>
> The only remaining "problem" is that your log files will be filled
> with unsuccessful login attempts. A simple solution is to run sshd on
> a non-standard, high-numbered port, e.g. in the 30'000. Bots only ever
> try to connect on port 22. This will *not* improve the protection of
> your server, but it will avoid having your logs spammed.

Agreed. For me, changing the port SSH listens on alone eliminated 99% of brute force attempts. I also agree on public key authentication. Depending on the OP's needs and context, he might also be interested in portknocking (no flames please :-)).
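
An added example, not part of the original thread: a small Python check that reads the global section of an `sshd_config` and reports whether password-based logins are really off and whether sshd still listens on port 22, the two points discussed above. The sample configurations are constructed, and the defaults table is an assumption based on recent upstream OpenSSH releases.

```python
# Keyword defaults assumed from recent upstream OpenSSH; check `man sshd_config` for yours.
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
    "permitrootlogin": "prohibit-password",
}
# ChallengeResponseAuthentication is the deprecated name of the same setting.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def parse_global(text):
    """Return (settings, ports) for the lines before the first Match block."""
    settings, ports = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()           # drop comments
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) < 2:
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())  # keywords are case-insensitive
        value = parts[1].strip().strip('"')
        if key == "match":                            # conditional blocks are out of scope here
            break
        if key == "port":                             # Port may be given several times
            ports.append(int(value))
        else:
            settings.setdefault(key, value.lower())   # sshd keeps the first value it reads
    return {**DEFAULTS, **settings}, ports or [22]

def audit(text):
    """List the findings relevant to dictionary attacks and log noise."""
    s, ports = parse_global(text)
    findings = []
    if s["pubkeyauthentication"] != "yes":
        findings.append("PubkeyAuthentication is off: key logins unavailable")
    if s["passwordauthentication"] != "no":
        findings.append("PasswordAuthentication is on: dictionary attacks remain possible")
    if s["kbdinteractiveauthentication"] != "no":
        findings.append("KbdInteractiveAuthentication is on: passwords may be accepted via PAM")
    if s["permitrootlogin"] == "yes":
        findings.append("PermitRootLogin yes: root can log in with a password")
    if 22 in ports:
        findings.append("listening on port 22: expect log noise (not a protection issue)")
    return findings

# Constructed samples: strong passwords with no root login, then key-only on a high port.
WEAK = "Port 22\nPermitRootLogin no\nPasswordAuthentication yes\n"
HARDENED = ("Port 30022\nPermitRootLogin no\nPasswordAuthentication no\n"
            "ChallengeResponseAuthentication no\n"
            "passwordauthentication yes  # ignored, first value wins\n")
```

After editing the real file, `sshd -T` prints the effective configuration, including distribution-specific defaults and included files that this sketch does not read.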

