New to the list, so please forgive unintentional netiquette transgressions... On Mon, 12 Jan 2009 14:24:54 -0600 "James B. Byrne" <byrnejb at harte-lyne.ca> wrote: > Thanks for the help. I completely missed that error. > > <snip> > > throttle threshold of 15 seconds. I am still concerned about any > brute force attempt to discover the root password but, given no more > than four connections per minute is possible, just how concerned > should I be? > > <snip> > completely defeat the current throttle rules. Should I also throttle > the total number of new connections from all IPs? James, Throttling all connection attempts to SSH is probably a good idea. Discounting DoS or DDoS attacks, my solution to nefarious SSH attempts is threefold: 1) run sshd on a port other than 22 (I know, obscurity is not security...), 2) disable the root account (e.g., set the root password to '*' in /etc/shadow), and allow only sudo(1) access to privileged commands (this is the default on Ubuntu systems), and 3) disable password authentication in sshd_config and require all ssh users to log in using public key authentication. Probably other things one can do, but I think this is a good first step. Best, -David Klann -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: not available URL: <http://lists.centos.org/pipermail/centos/attachments/20090112/6413314e/attachment-0005.sig>