> Hi, > > * use a Firewall to prevent other IP address to connect to your ssh > service. restrict just to yours (iptables script can be easy to find on > the web) Well, I should have added that my hosts must be world-wide accessible using password-based authentication, so this is no option. > * use Fail2ban which can ban ssh auth failure and create iptables rules. > (google can help your search about fail2ban) Well, I'm using denyhosts and a custom iptables script, so this is fairly ok already. Nevertheless, fail2ban may be yet another safetynet that I should add. Thanks! > Third use a non standart ssh port (for example 2222) apt-get install fail2ban > I'm not a huge fan of security by obscurity, so I'd rather stick with 22 for now. What remains open is what could one do proactively? I don't really feel like striking back, but getting rid of the attackers would be kind of nice... Best, Michael
Attachment:
pgpaAVo7vnt_a.pgp
Description: PGP signature