I have used all of the above in the past and frankly, I got lazy and just
let fail2ban handle things for me - hard blocking an IP address for a set
period of time works well to discourage and remove your IP from botnets.
If I ever get overly concerned, I lock the port down to only accessible from
our corporate network and vpn in that way.
--------------------------------------------------
From: "Jake Vickers" <[EMAIL PROTECTED]>
Sent: Tuesday, November 18, 2008 10:01 AM
To: <[email protected]>
Subject: Re: [qmailtoaster] Fail2Ban on CentQMT5.1.1
Chris Hillman wrote:
Fail2ban sounds cool, what I do instead is disable password
authentication for ssh and use certificate based authentication. I
haven't had a system compromised since I've gone to doing this.
See
http://www.extrapepperoni.com/2007/03/24/tcossh-public-key-authenticatio
n/ if you're not familiar. Works well.
Good idea.
I move SSH to a "high" port (something like 9277 instead of 22) and use
really long passwords (usually phrases, like "maryhadalittlelambin2008" or
some-such). It's not always set in stone on which computer I may try and
SSH from, so this works for me. I also turn off root logins and login as a
regular user. This forces me to 'su' to root to do anything major.
I haven't had any SSH script attempts in years either.
---------------------------------------------------------------------
QmailToaster hosted by: VR Hosted <http://www.vr.org>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
QmailToaster hosted by: VR Hosted <http://www.vr.org>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]