limit ssh attempts
Fraser Campbell
fraser-eicrhRFjby5dCsDujFhwbypxlwaOVQ5f at public.gmane.org
Wed Nov 30 00:24:28 UTC 2005
lfeder wrote:
> I thought about accepting ssh from only specific IPs. However this would
> prevent remote logins from a new location. And you know how that is. Just
> when you absolutely need to login remotely, your own server locks you out.
Yup, was in Scotland this summer and couldn't access my email because of
a restriction that I'd put in place. I've since stopped doing that for
most things.
> So I figured on plan B. To limit the amount of bad SSH attempts. I used to
> see hundreds of bad sshd attempts on all kinds of servers. No one needs
> this. Thus I found these iptables that prevent multiple ssh attempts and
> DROP them like a bad habit.
I like this idea.
> I always make important passwords with a lot of alphanumerics.
> I don't think uppercase/lowercase and all kinds of complexity is that
> important, rather just keep it out of the normal dictionary
>
> As always, I welcome feedback and improvements.
In addition, why not:
- run SSH on an alternate port, few (if any) scripts will bother
checking obscure ports for an ssh server
- only allow authentication with SSH keys. USB keys are dirt cheap and
an easy way to make sure you always have your key
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
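
The two suggestions in the reply above (alternate port, key-only authentication) can be checked against a server's sshd_config. This script is an added example, not part of the original post; the function names, the sample files and port 2222 are constructed for illustration, and it assumes a current OpenSSH where KbdInteractiveAuthentication (older name ChallengeResponseAuthentication) defaults to yes.

```shell
#!/bin/sh
# Added example: checks an sshd_config against the two suggestions in this post.
# sshd keeps the FIRST value seen for a keyword (Port is the exception: it may
# repeat). Assumptions: "Keyword value" syntax only, Include files not followed,
# parsing stops at the first Match block because what follows is conditional.

first_value() {  # first_value KEYWORD_REGEX DEFAULT FILE
  awk -v want="^($1)$" -v def="$2" '
    /^[ \t]*(#|$)/         { next }
    tolower($1) == "match" { exit }
    tolower($1) ~ want     { print tolower($2); seen = 1; exit }
    END                    { if (!seen) print def }
  ' "$3"
}

ports() {  # ports FILE: every global Port value, or the default 22 if none
  awk '
    /^[ \t]*(#|$)/         { next }
    tolower($1) == "match" { exit }
    tolower($1) == "port"  { printf "%s%s", sep, $2; sep = " " }
    END                    { print (sep == "" ? "22" : "") }
  ' "$1"
}

audit() {  # audit FILE: prints findings, returns 0 only if both suggestions hold
  rc=0; p=$(ports "$1")
  pw=$(first_value 'passwordauthentication' yes "$1")
  kbd=$(first_value 'kbdinteractiveauthentication|challengeresponseauthentication' yes "$1")
  case " $p " in *" 22 "*) echo "WARN: listening on default port 22"; rc=1;; esac
  [ "$pw" = no ]  || { echo "WARN: PasswordAuthentication is $pw"; rc=1; }
  [ "$kbd" = no ] || { echo "WARN: keyboard-interactive is $kbd (PAM may still prompt)"; rc=1; }
  [ "$rc" -eq 0 ] && echo "OK: port(s) $p, key-only authentication"
  return "$rc"
}

tmp=$(mktemp -d)
# Constructed sample: the later "PasswordAuthentication no" is ignored (first wins)
printf '%s\n' '# constructed' 'PasswordAuthentication yes' 'PasswordAuthentication no' > "$tmp/weak"
# Constructed sample: alternate port (2222 is an arbitrary choice), keys only
printf '%s\n' 'Port 2222' 'PubkeyAuthentication yes' 'passwordauthentication no' \
  'KbdInteractiveAuthentication no' > "$tmp/hardened"
audit "$tmp/weak" || true
audit "$tmp/hardened"
```

On a live host, `sshd -T` prints the effective configuration including Match and Include handling, which this file-level check does not evaluate.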