ssh Access from the internet
Richard Weait
richard-gNTHUr35LhcAvxtiuMwx3w at public.gmane.org
Tue May 13 14:10:28 UTC 2008
On Tue, 2008-05-13 at 09:54 -0400, Robert Brockway wrote:
> On Mon, 12 May 2008, Ansar Mohammed wrote:
>
> > I am getting increasingly annoyed with the random bots brute forcing ssh on
> > my public IPs. What do you guys use?
>
> Hi Ansar. As others have noted allowing only PKI authentication (ie,
> disabling password access) is an effective approach. I never allow
> password access to ssh from public IP addresses - brute force attacks
> cannot succeed.
>
> This way you are safe unless there is a serious security exploit in
> OpenSSH itself, and it is quite likely the most highly audited app on your
> Linux box.
And yet, there can still be trouble.
[SECURITY] [DSA 1571-1] New openssl packages fix predictable random
number generator
http://lists.debian.org/debian-security-announce/2008/msg00152.html
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
More information about the Legacy
mailing list