Hi,
In addition to the deny hosts approach, I would move the ssh port to
somewhere else.
The firewall should open some other port (a random number you like
and can remember, say 4242) and port forward that to port 22 of the
recipient box.
Consequently, anyone who checks port 22 of every IP address won't get a
response back from your box and will move on.
Yes yes, this is security by obscurity (which is a poor form of security),
but it is a start in the right direction. It will cut down on the number
of attacks on your box.
If you edit (on the box making the link) the .ssh/config file you can add
entries like:

    Host dereksbox.dyndns.org
        port 4242

which means that you can do

    ssh dereksbox.dyndns.org

and not have to specify the port in use.
Otherwise, it is

    ssh -p 4242 dereksbox.dyndns.org

Cheers,
Derek.

On Fri, 12 Mar 2010, Steve Holdoway wrote:
> On Fri, 2010-03-12 at 00:56 +1300, Hadley Rich wrote:
>> On Thu, 2010-03-11 at 21:55 +1300, Steve Holdoway wrote:
>>> no - still being prompted for a password...
>>
>> A denied or not allowed user will still get prompted for a password, it
>> will just never work.
>>
>> hads
>
> Denyhosts adds addresses to /etc/hosts.deny. This will drop the
> connection before password requests iirc.
>
> Steve

--
Derek Smithies Ph.D.
IndraNet Technologies Ltd.
ph +64 3 365 6485
Web: http://www.indranet-technologies.com/
"How did you make it work??"
"Oh, the usual, get everything right".