Re: howto block ssh brute-force

To: debian-security@lists.debian.org
Subject: Re: howto block ssh brute-force
From: Christoph Moench-Tegeder <cmt@burggraben.net>
Date: Sun, 12 Mar 2006 13:51:48 +0100
Message-id: <[🔎] 20060312125148.GA891@elch.haidundneu23.net>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 385d1e010603112350g5c11a3b1ha21ed67f5e6e7e63@mail.gmail.com>
References: <[🔎] 385d1e010603112350g5c11a3b1ha21ed67f5e6e7e63@mail.gmail.com>

## Felipe Figueiredo (philsf@ufrj.br):

> once in a while (say, every two weeks) I get a brute-force
> login/password scan attempt in my server (i.e., a single ip tries
> dictionary account names and passwords at random). SSH access is
> needed by many users, and  (RSA/DSA key)-only access is, at present
> time, unwanted. So far none such attempt was lucky (to my knowlege),
> but it always gives me creeps when I see unusually big logwatch
> reports, and my contacts to sysadmins of originating networks are
> usually ignored.
> Any ideas?

Have a look at pam_abl http://www.hexten.net/pam_abl/ .
And make sure your users have good passwords.

Regards,
Christoph

-- 
Spare Space

Reply to:

References:
- howto block ssh brute-force
  - From: "Felipe Figueiredo" <philsf@ufrj.br>

Prev by Date: Re: howto block ssh brute-force
Next by Date: Re: howto block ssh brute-force
Previous by thread: Re: howto block ssh brute-force
Next by thread: Re: howto block ssh brute-force
Index(es):
- Date
- Thread