On 9/2/05, Alan Porter <[EMAIL PROTECTED]> wrote: > > Two things: > > (1) > > Check out DenyHosts - it's a small python script that scrapes your > authentication logs and populates /etc/hosts.deny based on failed > login attempts. http://denyhosts.sourceforge.net/ > > (2) > > If shutting off root ssh access seems too drastic, you can restrict > root ssh logins from specific IP's. Like this: > > # /etc/ssh/sshd_config > # The following notation is misleading: [EMAIL PROTECTED] means > # any user from 'machine' can try to log in here as root. > PermitRootLogin yes > AllowUsers user1 user2 [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL > PROTECTED]
Another thing you might consider is to totally turn off ssh password authentication and use public key authentication instead. Google for "ssh keys howto" will turn up lots of help in how to do this. The down side is that you need public/private key pairs for each host and client. The upside is that for valid clients, once you've set them up with a little help with ssh key management (google ssh keychain), the client user only needs to enter his keys passphrase once for a session in order to get quick ssh access to any hosts he has registered keys with. The O'Reilly "Linux Server Hacks" book has a lot of good stuff on how to setup ssh to make it both secure and convenient for legitimate users. -- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
