Tony Nelson <tonynelson@xxxxxxxxxxxxxxxxx> writes: > I suggest one of the secure ways to set up SSH: public key pair or > encrypted passwords. And only allow SSH 2. Public key should be simple > /enough/ to set up; your user would need to make a key with GPG and put the > private key in the right place (I think man ssh tells where) and give you > the public key to put in the right place. Just to save folks a bit of time, I wrote up a cheat sheet a while ago for technical folks that weren't really hard-core computer nerds and were struggling with sshd. http://www.wsrcc.com/wolfgang/sshd-config.html > With strong authentication, you don't need to care about probes anymore. > Just ignore them. Yup. Setting up real public-key authentication is several hundred orders of magnitude stronger against guessing attacks than changing the ssh portnumbers or adding bad hosts into some IP level filter table and hoping the attackers won't guess a good password before they run out of IP addresses to test from. (And yes, I did really mean hundreds of orders of magnitude. An attacker has 1 chance in 10**308 of guessing the 1024-bit public key on each try if they follow the same brute-force attack. Given a billion tests per second and the whole age of universe up to this time, we are still only talking a 1 in 10**281 chance.) -wolfgang -- Wolfgang S. Rupprecht http://www.wsrcc.com/wolfgang/
