Re: howto block ssh brute-force

To: "philsf79@gmail.com" <debian-security@lists.debian.org>
Subject: Re: howto block ssh brute-force
From: "fgeek" <fgeek@fgeek.info>
Date: Mon, 13 Mar 2006 08:24:59 +0200 (EET)
Message-id: <[🔎] 54987.130.231.240.27.1142231099.squirrel@secure.qvd.fi>
In-reply-to: <[🔎] 385d1e010603112350g5c11a3b1ha21ed67f5e6e7e63@mail.gmail.com>
References: <[🔎] 385d1e010603112350g5c11a3b1ha21ed67f5e6e7e63@mail.gmail.com>

> Hello,
>
> once in a while (say, every two weeks) I get a brute-force
> login/password scan attempt in my server (i.e., a single ip tries
> dictionary account names and passwords at random). SSH access is
> needed by many users, and  (RSA/DSA key)-only access is, at present
> time, unwanted. So far none such attempt was lucky (to my knowlege),
> but it always gives me creeps when I see unusually big logwatch
> reports, and my contacts to sysadmins of originating networks are
> usually ignored.
>
> Any ideas?
>
> Maybe there is a way to temporarily block ips upon such attempts (is
> this a FAQ?), or maybe divert them like what portsentry does for
> portscans?
>

I suggest you should use long and 'safe' passwords. It helps you a lot,
but as many of people have answered about using different port and so on..
those are good ways too.

 - Henri Salo

Reply to:

Follow-Ups:
- Idea to secure ssh [was: howto block ssh brute-force]
  - From: Neal Murphy <neal.p.murphy@alum.wpi.edu>

References:
- howto block ssh brute-force
  - From: "Felipe Figueiredo" <philsf@ufrj.br>

Prev by Date: Re: howto block ssh brute-force
Next by Date: Re: security issues with apache!
Previous by thread: Re: howto block ssh brute-force
Next by thread: Idea to secure ssh [was: howto block ssh brute-force]
Index(es):
- Date
- Thread