Eugene Vilensky <evilensky at ...> writes: > > Hello, > > What is the best way to protect multiuser systems from brute force > attacks? I am setting up a relatively loose DenyHosts policy, but I > like the idea of locking an account for a time if too many attempts > are made, but to balance this with keeping the user from making a > helpdesk call. > > What are some policies/techniques that have worked for this list with > minimal hassle? > > Thanks! > > -Eugene > I found that moving sshd to listening on a non-standard port cut back significantly on the number of brute force attacks I was getting. Obviously, this doesn't do anything to really protect your system from a brute force attack. Some of the other response had some fairly good suggestions for preventing brute force attacks. I was seeing several such attacks each week and frequently more than one a day until I moved my ssh port. What this mainly does is cut down on the number of script-kiddie attacks. The problem is that the script-kiddie attacks cause so much noise that they potentially hide someone attacking you who you really need to be concerned about. If the port/service is open, you really want to be able to monitor it and cutting down on the noise helps. Cheers, Dave