I have used all of the above in the past and frankly, I got lazy and just let fail2ban handle things for me - hard blocking an IP address for a set period of time works well to discourage and remove your IP from botnets.

If I ever get overly concerned, I lock the port down to only accessible from our corporate network and vpn in that way.

--------------------------------------------------
From: "Jake Vickers" <[EMAIL PROTECTED]>
Sent: Tuesday, November 18, 2008 10:01 AM
To: <[email protected]>
Subject: Re: [qmailtoaster] Fail2Ban on CentQMT5.1.1

Chris Hillman wrote:
Fail2ban sounds cool, what I do instead is disable password
authentication for ssh and use certificate based authentication. I
haven't had a system compromised since I've gone to doing this.

See
http://www.extrapepperoni.com/2007/03/24/tcossh-public-key-authenticatio
n/ if you're not familiar.  Works well.



Good idea.
I move SSH to a "high" port (something like 9277 instead of 22) and use really long passwords (usually phrases, like "maryhadalittlelambin2008" or some-such). It's not always set in stone on which computer I may try and SSH from, so this works for me. I also turn off root logins and login as a regular user. This forces me to 'su' to root to do anything major.
I haven't had any SSH script attempts in years either.

---------------------------------------------------------------------
    QmailToaster hosted by: VR Hosted <http://www.vr.org>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


---------------------------------------------------------------------
    QmailToaster hosted by: VR Hosted <http://www.vr.org>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to