[Gllug] ssh brute force attacks

[Ryan Cartwright]

2008/12/8 Anthony Newman <anthony.newman at ossified.net>:
> Ryan Cartwright wrote:
>> I have been known to restrict ssh to a single user that is only there
>> for ssh in. Then I can su from there once I am in. Again depending
>> upon my paranoia level, the username for this account is sometimes not
>> recognisable as a "real" word. So it's more likely to be something
>> like "agk4t93" than "ryan". Not that a brute force is incapable of of
>> attempting such combinations of characters but IME they tend to try
>> those as passwords rather than usernames.
>
>
> Do you also sleep with one eye open?

<grin> Only if it's required. As said not all of that finds its way
into my setup unless I am being really paranoid. What that means is
that the amount of hurdles I put in is directly related to the public
profile of the server and the content on it. Often that means just me
having access with a key and a password. Sometimes it does require
more. Just once has it required all the measures listed above and that
was more to satisfy the client than my paranoia.

cheers
Ryan
-- 
Ryan Cartwright
Equitas IT Solutions
http://www.equitasit.co.uk
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug