Not long ago, Adam Findley proclaimed... > So I am getting hit by ssh bots like crazy. It seems that they have > discovered my ssh server. Anywho, while they are not getting in, they > are killing my bandwidth. There is this article I found that after 15 > failed attempts it adds your ip to a block list. While this sounds like > a great solution, it is based on BSD. Does anyone know of a linux solution?
The absolute best way to avoid being compromised by these bots is to
configure your SSH server (see /etc/ssh/sshd_config) to not accept password
authentication and to only allow users to authenticate using public key
encryption (RSA or DSA).
PasswordAuthentication no
This is an excellent way of locking down a private system like your home
machine, but not so good for securing a system that many people need SSH
access to.
We use DenyHosts (already recommended) on a couple servers that absolutely
have to have SSH accessible publicly and need to allow password
authentication. The new daemon mode is nice. I like it better than running
the script every 20 minutes from cron.
-=Fozz
--
[EMAIL PROTECTED] is Doran L. Barton, president/CTO, Iodynamics LLC
Iodynamics: IT and Web services by Linux/Open Source specialists
"The Civil War began in 1830. Many soldiers repeatedly gave their lives
for their country. "
-- Seen in a school report
pgpIjv6ILxcHw.pgp
Description: PGP signature
/* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
