On Fri Mar 28, 2008 07:47PM, Rudi Ahlers wrote: > Ray Leventhal wrote: >> James A. Peltier wrote: >>> Rudi Ahlers wrote: >>>> Tim Alberts wrote: >>>>> So I setup ssh on a server so I could do some work from home and >>>>> I think the second I opened it every sorry monkey from around the >>>>> world has been trying every account name imaginable to get into >>>>> the system. >>>>> >>>>> What's a good way to deal with this? >>>>> >>>>> _______________________________________________ >>>>> CentOS mailing list >>>>> CentOS at centos.org >>>>> http://lists.centos.org/mailman/listinfo/centos >>>>> >>>> 1. Change the default port >>>> 2. use only SSH protocol 2 >>>> 3. Install some brute force protection which can automatically ban >>>> an IP on say 5 / 10 failed login attempts >>>> 4. ONLY allow SSH access from your IP, if it's static. Or signup >>>> for a DynDNS account, and then only allow SSH access from your >>>> DynDNS domain >>>> >>> >>> Fail2Ban is a good brute force protector. It works in conjunction >>> with IPTables to block IPs that are "attacking" for a said duration >>> of time. :) >>> >>> >> I haven't used Fail2Ban, but I do like what I've been experiencing >> with apf[1] and sim[2]. The Reactive Address Blocking (RAB) feature >> in apf is a bit timesaver, but I expect Fail2Ban has something >> similar. apf is basically an easier (for me, anyway) of managing >> iptables. Manually banning an ip or block is as easy as adding it to >> the deny_hosts.rules file and restarting apf. RAB really helps, again >> imo. >> >> >> HTH, >> -Ray >> [1] http://rfxnetworks.com/apf.php >> [2] http://rfxnetworks.com/sim.php >> _______________________________________________ >> CentOS mailing list >> CentOS at centos.org >> http://lists.centos.org/mailman/listinfo/centos >> > Here's a quick howto for Suse10.3, but the principles stay the same. > Fail2Ban can be used for many other things as well, like FTP, MySQL, > SMTP, etc :) > I don't see the how-to... -- Cheers, Trey ---- Adversity is the trial of principle. Without it, a man hardly knows whether he is honest or not. --Henry Fielding Linux valkyrie 2.6.22.17-0.1-bigsmp i686 GNU/Linux 2:21pm up 19:37, 5 users, load average: 0.68, 0.68, 0.65