On Sat, 2007-05-26 at 09:17 -0400, Michael Klinosky wrote:
> Even tho /some/ of the technical stuff eludes me, I've tried to follow
> this thread.
>
> I set up ssh for myself (I own the machines); I haven't yet actually
> made a connection (probably will this weekend).
>
> I'd like to know what threats exist for ssh - are there webpages that
> discuss this? I *thought* that using an arbitrary port and putting
> 'AllowUsers ...' into sshd_config would handle these things (along with
> a password other than 'abcd' :) ).
>

The best thing I've found to protect against brute-force SSH attacks is
something called fail2ban:

http://www.fail2ban.org/wiki/index.php/Main_Page

It watches your log files for failed attempts to gain access through
services like SSH, VSFTPD, and Apache. If it sniffs trouble, it issues
an IPTables command to ban the offending IP. The configuration files
allow you to set the threshold for action as well as the punishment to
dish out. It will even email you to let you know what has happened.

You can find it in RPM form for RHEL and Fedora. I highly recommend it
because it's simple and effective.

Tom
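
The watch, count and ban mechanism described in the message above, as an added example that is not part of the original message and is not fail2ban's own code. It assumes OpenSSH "Failed password" syslog lines; the names `find_offenders`, `ban_commands`, `max_retry` and `find_time` are hypothetical, the log lines are constructed, and the iptables rule is a simplified stand-in for the ban action.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd log lines (documentation IP ranges), not from the original message.
SAMPLE_LOG = """\
May 26 09:00:01 host sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
May 26 09:00:04 host sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
May 26 09:00:09 host sshd[2105]: Accepted password for mike from 192.0.2.10 port 51515 ssh2
May 26 09:00:12 host sshd[2107]: Failed password for root from 203.0.113.7 port 40133 ssh2
May 26 09:05:00 host sshd[2110]: Failed password for mike from 192.0.2.10 port 51600 ssh2
May 26 09:30:00 host sshd[2120]: Failed password for root from 198.51.100.9 port 33000 ssh2
May 26 09:50:00 host sshd[2121]: Failed password for root from 198.51.100.9 port 33001 ssh2
May 26 10:10:00 host sshd[2122]: Failed password for root from 198.51.100.9 port 33002 ssh2
"""

# Anchored to the end of the line: the greedy user field means only the final
# "from <ip> port <n> ssh2" (written by sshd itself) is trusted as the source address.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for .* from (\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def find_offenders(log_text, max_retry=3, find_time=timedelta(minutes=10), year=2007):
    """Return IPs with max_retry failures inside a find_time window, in ban order.
    Syslog timestamps carry no year, so `year` is an assumed parameter."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    banned = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m or m.group(2) in banned:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > find_time:   # drop failures older than the window
            window.popleft()
        if len(window) >= max_retry:
            banned.append(ip)
    return banned

def ban_commands(ips):
    """Build (not run) one simplified iptables DROP rule per offending IP."""
    return [["iptables", "-I", "INPUT", "-s", ip, "-j", "DROP"] for ip in ips]

if __name__ == "__main__":
    for cmd in ban_commands(find_offenders(SAMPLE_LOG)):
        print(" ".join(cmd))
```

With the defaults only 203.0.113.7 crosses the threshold; widening `find_time` to an hour also catches the slower source at 198.51.100.9, which is the trade-off the threshold settings control.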