On Tuesday 25 March 2008 12:55, Rudi Ahlers wrote:
Tim Alberts wrote:
So I setup ssh on a server so I could do some work from home and I think the second I opened it every sorry monkey from around the world has been trying every account name imaginable to get into the system.
What's a good way to deal with this?
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
- Change the default port
Is an option but a waste of time as a scanner will find the port it was moved to.
- use only SSH protocol 2
Agree
- Install some brute force protection which can automatically ban an IP
on say 5 / 10 failed login attempts
Fail2ban comes to mind.
- ONLY allow SSH access from your IP, if it's static. Or signup for a
DynDNS account, and then only allow SSH access from your DynDNS domain
I would suggest using keys for logins. No password needed and if the connecting machine doesn't have the key they don't get a chance to guess at the password.
The idea of only allowing for strict ip address is good but what if you are on the move? Now you cannot log in either, but if you are using a key no matter where you are you have access.