On Tue, 2006-01-03 at 18:47 -0600, Jeff Vian wrote: > I acknowledge the flaws, but it is better than leaving ssh open for > repeated attempts by the script kiddies. It is not the only solution to the brute force SSH attacks, it's a solution with major flaws, and there are other solutions without significant flaws. Moving the SSH port number plus an iptables-based rate limiter should be just as effective without the drawback of revealing account names. Seriously, it's a basic computer security law. The external behavior of the system should not depend in any way on the account name being probed. -- Florin Andrei http://florin.myip.org/
