[CentOS] protecting multiuser systems from bruteforce ssh attacks

Oliver Ransom oliver at ransom.com.au
Fri Aug 21 01:42:35 UTC 2009


On 21/08/2009, at 5:44 AM, Eugene Vilensky wrote:

> Hello,
>
> What is the best way to protect multiuser systems from brute force
> attacks?  I am setting up a relatively loose DenyHosts policy, but I
> like the idea of locking an account for a time if too many attempts
> are made, but to balance this with keeping the user from making a
> helpdesk call.
>
> What are some policies/techniques that have worked for this list with
> minimal hassle?

As an additional question to the above, would forcing users to log in  
with SSH keys rather than passwords avoid requiring any anti brute  
force attack measures to be put in place?

Thanks,
Oliver

>
> Thanks!
>
> -Eugene
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos




More information about the CentOS mailing list