[Gllug] ssh brute force attacks
James Holland
holland.james at yahoo.co.uk
Mon Dec 8 16:02:24 UTC 2008
On Mon, 2008-12-08 at 15:48 +0000, Alain Williams wrote:
> Distributed ssh brute force attacks are on the rise, according to el reg:
>
> http://www.theregister.co.uk/2008/12/08/brute_force_ssh_attack/
>
> I use an iptables blocker (max 3 attempts in 3 minutes) that would be defeated by this.
>
> I also restrict *who* can login over ssh.
>
> What other means do you use to increase ssh security ?
>
> I don't really see the point of running ssh on anything other than port 22 - that
> would be defeated with a port scan.
I always change the port and this *always* cuts out attempted logins
completely...
Also I stop root login, stop password logins and only have public key
logins and normally set hosts.deny
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list