Chris Hillman wrote:
Fail2ban sounds cool, what I do instead is disable password
authentication for ssh and use certificate based authentication. I
haven't had a system compromised since I've gone to doing this.

See
http://www.extrapepperoni.com/2007/03/24/tcossh-public-key-authenticatio
n/ if you're not familiar.  Works well.


Good idea.
I move SSH to a "high" port (something like 9277 instead of 22) and use really long passwords (usually phrases, like "maryhadalittlelambin2008" or some-such). It's not always set in stone on which computer I may try and SSH from, so this works for me. I also turn off root logins and login as a regular user. This forces me to 'su' to root to do anything major.
I haven't had any SSH script attempts in years either.

---------------------------------------------------------------------
    QmailToaster hosted by: VR Hosted <http://www.vr.org>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to