Rudi Ahlers wrote: > Tim Alberts wrote: >> So I setup ssh on a server so I could do some work from home and I >> think the second I opened it every sorry monkey from around the world >> has been trying every account name imaginable to get into the system. >> >> What's a good way to deal with this? >> >> _______________________________________________ >> CentOS mailing list >> CentOS at centos.org >> http://lists.centos.org/mailman/listinfo/centos >> > 1. Change the default port I could do that, but if they already know about it, a simple port scan and they'll probably find it again. Plus I gotta go tell all my client programs the new port and I don't know how to do that on most of them (what a hassle). > 2. use only SSH protocol 2 got it. > 3. Install some brute force protection which can automatically ban an > IP on say 5 / 10 failed login attempts The only software I know that could do this isn't supported anymore (trisentry) or is too confusing and I don't know it yet (snort). Suggestions? > 4. ONLY allow SSH access from your IP, if it's static. Or signup for a > DynDNS account, and then only allow SSH access from your DynDNS domain > Yeah my home account is on dynamic IP. I'd love to setup the firewall to only allow my home computer. You're talking about these guys? http://www.dyndns.com/ never used them before, but it looks like a good idea. Especially since it's free (for 5 hosts) if I read correctly.