On Thu, 30 Dec 2004 21:19:35 +0800, chi <chi@xxxxxxxxxxxxxxxxxx> wrote:

>I discover sometimes there is a person trying to log in to my sshd server in my
>home; he tries many times.
>Does something exist to protect my computer?
>For example, if an IP tries to log in and fails 5 times in a certain
>period, can sshd then block it?
>thx

I assume this is the usual attempt to log in as guest, admin, etc.?

I did three things.

1) I edited /etc/ssh/sshd_config to add port 2222 to the ports sshd uses:

    # The strategy used for options in the default sshd_config shipped with
    # OpenSSH is to specify options with their default value where
    # possible, but leave them commented. Uncommented options change a
    # default value.
    Port 22
    # allow 2222 for external access
    Port 2222

2) I changed my firewall rules so port 22 is open only to my local network and 127.0.0.1. Port 2222 is open to the outside.

3) I created a group named "ssh-enabled" and added only those users who should be able to use ssh to connect. root is not included. To log in as root, a user must log in with his own ID and then su. That way, I have a record of who became root when. This is at the end of /etc/sshd_config:

    # PermitRootLogin no
    AllowGroups ssh-enabled

--
Steve
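
Added example, not part of the original message: a small Python check of the three sshd_config settings described above, run over a constructed sample built from the quoted fragments. It assumes the leading "#" on the PermitRootLogin line is a comment marker and ignores Match blocks; the function names are hypothetical.

```python
"""Audit an sshd_config for the settings described in the reply (added example)."""

# Constructed sample modelled on the fragments quoted in the message.
SAMPLE = """\
# possible, but leave them commented. Uncommented options change a
# default value.
Port 22
# allow 2222 for external access
Port 2222
# PermitRootLogin no
AllowGroups ssh-enabled
"""

# Keywords whose values accumulate across several lines.
MULTI = {"port", "allowgroups"}


def parse_sshd_config(text):
    """Return {keyword: [values]} for active (uncommented) lines only."""
    active = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment: sshd ignores it
        parts = line.split()
        key, values = parts[0].lower(), parts[1:]
        if key in MULTI:
            active.setdefault(key, []).extend(values)
        elif key not in active:
            active[key] = values  # for other keywords the first value wins
    return active


def audit(text, group="ssh-enabled", external_port="2222"):
    """Return a list of findings; an empty list means all three checks pass."""
    cfg = parse_sshd_config(text)
    findings = []
    if external_port not in cfg.get("port", []):
        findings.append(f"Port {external_port} is not an active Port line")
    if group not in cfg.get("allowgroups", []):
        findings.append(f"AllowGroups does not list {group}")
    if cfg.get("permitrootlogin") != ["no"]:
        findings.append("PermitRootLogin no is not active (commented or missing); "
                        "root is kept out only by AllowGroups")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("WARN:", finding)
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check.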