One other thing that I like to do is to move SSH to some port way off in the boondocks, something like 3145. It of course is not the only thing you should do, but it does make for a good and easy-to-use first step. It pretty much stops the common dictionary attacker dead in their tracks. Another good option is to use a port knock daemon, so a series of ports must be pinged in a certain order before the SSH daemon even starts to listen. This way ONLY you know how to get in, even if your computer (which contains your keys) decides to go for a walk.
Sincerely,
Steve

/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
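
The ordered port-knock gate described in the message above, as an added example that is not part of the original post and not the code of any knock daemon. The knock ports, the timeout and the sample events are constructed assumptions; only port 3145 comes from the message.

```python
# Added illustration, not knockd's or any project's code.
KNOCK_SEQUENCE = (7000, 8000, 9000)  # assumed knock ports (constructed)
SEQ_TIMEOUT = 10.0                   # assumed seconds allowed per sequence
SSH_PORT = 3145                      # SSH port mentioned in the message

class KnockTracker:
    def __init__(self):
        self.progress = {}    # source -> (next sequence index, start time)
        self.allowed = set()  # sources that completed the knock

    def observe(self, ts, src, port):
        """Process one connection attempt; True only if SSH is reachable."""
        if port == SSH_PORT:
            return src in self.allowed
        idx, started = self.progress.get(src, (0, ts))
        if ts - started > SEQ_TIMEOUT:   # too slow: start over
            idx, started = 0, ts
        if port == KNOCK_SEQUENCE[idx]:  # correct next knock
            idx += 1
        elif port == KNOCK_SEQUENCE[0]:  # first knock again: restart at step 1
            idx, started = 1, ts
        else:                            # anything else resets progress
            idx = 0
        if idx == len(KNOCK_SEQUENCE):   # full sequence seen in order
            self.allowed.add(src)
        if 0 < idx < len(KNOCK_SEQUENCE):
            self.progress[src] = (idx, started)
        else:
            self.progress.pop(src, None)
        return False

# Constructed events: (seconds, source address, destination port)
EVENTS = [
    (0, "198.51.100.7", 7000), (1, "198.51.100.7", 8000),
    (2, "198.51.100.7", 9000), (3, "198.51.100.7", 3145),  # right order
    (0, "203.0.113.9", 3145),                               # no knock at all
    (1, "203.0.113.9", 9000), (2, "203.0.113.9", 8000),
    (3, "203.0.113.9", 7000), (4, "203.0.113.9", 3145),    # wrong order
    (0, "192.0.2.5", 7000), (1, "192.0.2.5", 8000),
    (20, "192.0.2.5", 9000), (21, "192.0.2.5", 3145),      # too slow
]

def replay(events):
    """Return {source: [result of each SSH attempt]}."""
    tracker, results = KnockTracker(), {}
    for ts, src, port in events:
        ok = tracker.observe(ts, src, port)
        if port == SSH_PORT:
            results.setdefault(src, []).append(ok)
    return results
```

A real deployment would add or remove a firewall rule for the source address rather than keep the allowed set in memory.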
