[CentOS] Failed attempts

Tue Nov 28 10:55:44 UTC 2017
Peter Eckel <lists at eckel-edv.de>

Hi Valeri, 

> Good luck! Use strong passwords (passphrase I call it when I talk to my
> users), especially for root account.

If possible: Do not use passwords at all. Disable password login, and replace it with SSH private/public key authentication, and, again if possible, with OTP (two-factor authentication) on top.

All the other hints (disallow root access via SSH, use strong passwords, port knocking, different ports etc.) just put the hurdle a bit higher but do not solve the underlying problem: Password authentication is weak by design, as it relies on the good behaviour of users. Don't restrict their passwords and they'll use simple or easily guessable ones. Restrict them and they will write them down.

Cheers, 

  Pete.
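
Added example, not part of the original post: a small audit of the global section of an `sshd_config` that checks for the setup recommended above (password login off, public key on, a second factor required). It assumes upstream OpenSSH defaults and that the OTP is delivered through `keyboard-interactive` (for example a PAM module); the function names and sample configurations are constructed for illustration.

```python
import re

# Upstream OpenSSH defaults (assumption: distributions may ship patched defaults).
DEFAULTS = {
    "passwordauthentication": "yes",
    "pubkeyauthentication": "yes",
    "authenticationmethods": "any",
}

def effective_settings(config_text):
    """Effective global values: sshd keeps the FIRST value it sees per keyword."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # "Key value" or "Key=value"
        if len(parts) < 2:
            continue
        keyword, value = parts[0].lower(), parts[1].strip()
        if keyword == "match":
            break  # conditional Match blocks are out of scope for this sketch
        seen.setdefault(keyword, value)
    return {k: seen.get(k, default) for k, default in DEFAULTS.items()}

def audit(config_text):
    """Return a list of findings; an empty list means key plus OTP is enforced."""
    s = effective_settings(config_text)
    findings = []
    if s["passwordauthentication"].lower() != "no":
        findings.append("password login is enabled")
    if s["pubkeyauthentication"].lower() != "yes":
        findings.append("public key authentication is disabled")
    # Each space-separated list is one accepted combination of methods.
    for combo in s["authenticationmethods"].split():
        methods = {m.split(":")[0] for m in combo.split(",")}
        if not {"publickey", "keyboard-interactive"} <= methods:
            findings.append("a login path exists without key plus second factor")
            break
    return findings

# Constructed samples: WEAK only applies the "higher hurdle" hints from the thread.
WEAK = "# constructed sample\nPermitRootLogin no\nPort 2222\n"
HARDENED = ("PasswordAuthentication no\nPubkeyAuthentication yes\n"
            "AuthenticationMethods publickey,keyboard-interactive\n"
            "PasswordAuthentication yes\n")  # later duplicate is ignored by sshd

if __name__ == "__main__":
    print("weak:", audit(WEAK))
    print("hardened:", audit(HARDENED))
```

On a live host, `sshd -T` prints the effective configuration, which can be fed to `audit` instead of the raw file.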