Art Edwards wrote: ssh, by it's design is insecure. It SHOULD incorporate some means of limiting password attempts. It does not! Using alternate ports can be a pain in the butt as some programs (like webmin "filesystem backup) do not support alternate ports. I suggest 2 methods, fail2ban and a firewall if you must allow password logins. You can set the firewall to allow only certain ip's or ip ranges. But do not get to comfortable with a firewall ONLY solution. The first time the local firewall goes down, or is taken down and forgotten to re-enable, you'll get compromised. Again, the best solution would be for ssh to incorporate a solution, thus if ssh is started, the solution is started... -- This message has been scanned for viruses and dangerous content by RCRnet, and is believed to be clean. |