Re: IPTABLES question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Michael Yep wrote:
> I have been blocking some IPs because they are brute forcing my ssh
> port. I access this server from many different places so I cant
> really just add a few hosts.  I'm talking about 36000 attempts in a
> short time from some IP addresses

You could run ssh on a different port.  That stops the bulk of any
automated bots that try to find weak passwords.

Also, if you don't already, lock out all password based authentication
and require valid key based auth.  Then only allow a few specific
users.  Finally, sleep restfully at night knowing the odds of someone
hitting your non-standard ssh port, guessing one of the small number
of valid accounts (root not being one of them), AND having the correct
private key to get in are infinitesimal.

- -- 
Todd        OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
======================================================================
The more you complain, the longer God lets you live.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
Comment: When crypto is outlawed bayl bhgynjf jvyy unir cevinpl.

iG0EARECAC0FAkS9QAcmGGh0dHA6Ly93d3cucG9ib3guY29tL350bXovcGdwL3Rt
ei5hc2MACgkQuv+09NZUB1rgMQCg84iHk+gkRslntRKjCKxDO4XSr+EAoPKHOATz
5obT6ibnF5Xp2JHQ/1QI
=CJ3s
-----END PGP SIGNATURE-----


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux