[CentOS] Ideas for stopping ssh brute force attacks

Tue Jul 22 16:57:45 UTC 2008
MHR <mhullrich at gmail.com>

On Tue, Jul 22, 2008 at 8:16 AM, David Dyer-Bennet <dd-b at dd-b.net> wrote:
>
> The next step up from that is some form of "port knocking" scheme -- where
> the outsider must first attempt to connect to some particular *other* port
> to trigger ssh to be ready to listen on the (non-standard) SSH port.
>
> On the other hand, why are people so worried about SSH scans?  I'm worried
> about who actually gets in, not who connects to the port.  Strong password
> quality enforcement, or maybe requiring public-key authentication, seem
> like a more useful response.  (I'm seeing a lot of failed ssh connects
> myself right now.  Another system here has been blocking every /24 we get
> a failed connect from, with the result that they had to add a special rule
> to let my home systems log in!  This could easily result in my being
> unable to get in from arbitrary locations in the field in an emergency,
> which seems not good.)

You have, perhaps, heard of denial-of-service attacks?

mhr
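The policy quoted above (block every /24 that produces a failed ssh connect) and the lock-out it caused, simulated over a few constructed sshd auth-log lines. This is an added example, not code from anyone on the list; the log lines, addresses, usernames and the functions and allowlist parameter are all made up for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample of OpenSSH auth-log lines (syslog format); not a real capture.
SAMPLE_AUTH_LOG = """\
Jul 22 16:01:02 host sshd[2101]: Failed password for invalid user admin from 203.0.113.45 port 40122 ssh2
Jul 22 16:01:05 host sshd[2102]: Failed password for invalid user oracle from 203.0.113.45 port 40130 ssh2
Jul 22 16:01:09 host sshd[2103]: Failed password for root from 203.0.113.45 port 40141 ssh2
Jul 22 16:02:30 host sshd[2110]: Failed password for dave from 198.51.100.7 port 51002 ssh2
Jul 22 16:02:41 host sshd[2111]: Accepted publickey for dave from 198.51.100.7 port 51003 ssh2
Jul 22 16:05:00 host sshd[2120]: Failed password for invalid user test from 192.0.2.200 port 33001 ssh2
"""

# Matches the "Failed password" line sshd logs for a rejected password attempt.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def failed_attempts_by_source(log_text):
    """Count failed password attempts per source address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[m.group("ip")] += 1
    return counts


def networks_to_block(log_text, threshold=1, prefix=24):
    """Apply the policy from the thread: once a source reaches `threshold`
    failed attempts, block the whole /prefix it lives in.  threshold=1
    reproduces 'blocking every /24 we get a failed connect from'."""
    blocked = set()
    for ip, n in failed_attempts_by_source(log_text).items():
        if n >= threshold:
            blocked.add(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))
    return blocked


def is_blocked(ip, blocked_nets, allowlist=()):
    """Decide a connection from `ip`.  `allowlist` plays the part of the
    'special rule' in the thread: hosts or networks that bypass the blocks."""
    addr = ipaddress.ip_address(ip)
    if any(addr in ipaddress.ip_network(a) for a in allowlist):
        return False
    return any(addr in net for net in blocked_nets)


def locked_out(legit_ips, blocked_nets, allowlist=()):
    """Return the legitimate source addresses the policy would turn away."""
    return [ip for ip in legit_ips if is_blocked(ip, blocked_nets, allowlist)]


if __name__ == "__main__":
    # Constructed legitimate sources: a home system sharing its /24 with the
    # scanner, a hotel address in the field, and dave (one typo, then a key login).
    legit = ["203.0.113.80", "192.0.2.17", "198.51.100.7"]
    nets = networks_to_block(SAMPLE_AUTH_LOG)
    print("blocked:", sorted(map(str, nets)))
    print("locked out, no allowlist:", locked_out(legit, nets))
    print("locked out, home allowlisted:",
          locked_out(legit, nets, allowlist=("203.0.113.80",)))
    print("locked out, threshold 3:",
          locked_out(legit, networks_to_block(SAMPLE_AUTH_LOG, threshold=3)))
```

With the threshold at a single failed attempt, dave's own typo blocks his whole /24 before his key login a few seconds later, and one scanner sharing a hotel or ISP range with a travelling admin blocks that admin too. An allowlist rescues only the addresses you knew about in advance, which is exactly the "special rule" that had to be added, and it does nothing for the arbitrary field location the quoted message worries about. Raising the threshold narrows the damage but does not remove it, which is the denial-of-service angle the reply points at.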