-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/02/2014 09:11 PM, Manuel Wolfshant wrote: > Incidentally I am a fan of using iptables (recent match) to limit > the number of admissible attempts from any given IP to connect to > sshd ( yes, I know, it has nothing to do with the initial concern > you raised ) FWIW, I think this is an equally fair approach, in that e.g. a dozen attempts makes sense to block against -- if a user has 12 failed attempts, they are misremembering their password and need to do a recovery via another sysadmin. Honestly probably a better approach than STO via changing to unassigned privileged port. - -- Karsten 'quaid' Wade .^\ CentOS Doer of Stuff http://TheOpenSourceWay.org \ http://community.redhat.com @quaid (identi.ca/twitter/IRC) \v' gpg: AD0E0C41 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEARECAAYFAlQuOOoACgkQ2ZIOBq0ODEHWCACghGkJwVXG0Ke4yrs7nRF87BGF X78AoJVdrzjm72+pyncl5GYe/CHkcPvc =/F20 -----END PGP SIGNATURE-----