[Nelug] Blocking brute-force ssh attacks
bobgroves at blueyonder.co.uk
Tue Aug 22 12:21:51 UTC 2006
On Thursday 10 August 2006 07:25, James Ogden wrote:
> Martin Ward wrote:
> > On Wednesday 09 Aug 2006 19:08, Stephen wrote:
> >> I've got mine set up to allow only 1 user and to require the correct ssh
> >> key, and disabled normal password authentication.
> > That stops them getting in, but it doesn't stop them banging on the door
> > for hours on end (which dropping all packets from their IP address does).
> My inelegant, insecure but highly effective solution to this was to run
> on a different port. It won't stop someone serious, of course, but it will
> filter out the random script kiddies
Can I echo James' comments? I also changed the ssh port and all the dictionary
attacks immediately disappeared. It certainly works, even if it's not a total
fix for the problem if you've got a determined attacker.
Bob Groves BA Hons (Ed) LCGI MInstLM MIITT MAPTT
General Secretary, Association of Part-Time Tutors (APTT)
Email: secretary at aptt.org.uk
Legal information with regard to this email can be viewed here:
APTT Website: http://www.aptt.org.uk
APTT, Wallsend Peoples Centre, Memorial Hall
Frank Street, Wallsend, Tyne & Wear NE28 6RN
Personal website: http://www.bobgroves.net
(Written using Kmail in GNU/Linux SUSE 9.3)
Random Interesting Quote of the Day:
When I was seven years old, I was once reprimanded by my mother for an act
of collective brutality in which I had been involved at school. A group of
seven-year-olds had been teasing and tormenting a six-year-old. "It is
always so," my mother said. "You do things together which not one of you
would think of doing alone." ... Wherever one looks in the world of human
organization, collective responsibility brings a lowering of moral standards.
The military establishment is an extreme case, an organization which seems
to have been expressly designed to make it possible for people to do things
together which nobody in his right mind would do alone.
-- Freeman Dyson, "Weapons and Hope"
More information about the Nelug