[Nelug] Blocking brute-force ssh attacks

Scott Wilcox sc0tt at x0f.org
Tue Aug 22 12:51:31 UTC 2006

I do the same thing here, works great.


bob wrote:
> On Thursday 10 August 2006 07:25, James Ogden wrote:
>> Martin Ward wrote:
>>> On Wednesday 09 Aug 2006 19:08, Stephen wrote:
>>>> I've got mine set up to allow only 1 user and to require the correct ssh
>>>> key, and disabled normal password authentication.
>>> That stops them getting in, but it doesn't stop them banging on the door
>>> for hours on end (which dropping all packets from their IP address does).
>> My inelegant, insecure but highly effective solution to this was to run
>> sshd
>> on a different port.  It won't stop someone serious, of course, but it will
>> filter out the random script kiddies
>> James
> Can I echo James' comments? I also changed the ssh port and all the dictionary 
> attacks immediately disappeared. It certainly works, even if it's not a total 
> fix for the problem if you've got a determined attacker.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.lug.org.uk/pipermail/durham/attachments/20060822/d1d0da40/attachment.htm 

More information about the Nelug mailing list