Re: On defense of the sshd crackers
NOTE: flubbed and sent the initial reply directly to T o n g. Resending to
the list for the archives. My apologies to T o n g for the CC in effect if
not in name. ;)
T o n g wrote:
> I used to turn on my sshd just in case that I need to ssh back into my
> box. But recently, I noticed that whenever I turn it on, almost instantly,
> there will be a cracker attempting cracking into my sshd:
Along with all the other excellent suggestions, what I do on my machines
is firewall off the port to the public interfaces via shorewall. Then I
found a portknock daemon and got it to open up the ssh port on a
specific knock sequence. After all that I reopened the port to any IP
address I know I or authorized people will be coming from.
So I am not deterred by the knock daemon but if I ever need to access
the machine from an IP other than those that are normally used I know the
knock sequence, know my username, know my password and know the port will be
closed in a few seconds. :)
So if you absolutely need remote IP access via password from an unknown
source that might be an option you'll want to look into.
--
Steve Lamb
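
The gating logic described in the message above (port closed by default, a static allowlist, and a knock sequence that opens the port briefly), as an added example that is not part of the original post and not the code of any particular knock daemon. The knock ports, timeouts, addresses and the `KnockGate` name are assumptions made up for illustration.

```python
from dataclasses import dataclass, field

KNOCK_SEQUENCE = (7000, 8000, 9000)  # assumed knock ports (constructed)
STEP_TIMEOUT = 5.0    # assumed: max seconds allowed between two knocks
OPEN_WINDOW = 10.0    # assumed: seconds the ssh port stays open after a good knock
ALLOWLIST = {"198.51.100.7"}  # constructed: a source address that is always permitted

@dataclass
class KnockGate:
    progress: dict = field(default_factory=dict)    # ip -> (next index, time of last knock)
    open_until: dict = field(default_factory=dict)  # ip -> time the temporary rule expires

    def knock(self, ip, port, now):
        """Record one connection attempt to a closed port; True if it completed the sequence."""
        idx, last = self.progress.get(ip, (0, now))
        if idx and now - last > STEP_TIMEOUT:
            idx = 0  # too slow: partial progress is discarded
        if port == KNOCK_SEQUENCE[idx]:
            idx += 1
        else:
            # a wrong port resets progress, unless it is itself a fresh first knock
            idx = 1 if port == KNOCK_SEQUENCE[0] else 0
        if idx == len(KNOCK_SEQUENCE):
            self.progress.pop(ip, None)
            self.open_until[ip] = now + OPEN_WINDOW
            return True
        self.progress[ip] = (idx, now)
        return False

    def ssh_allowed(self, ip, now):
        """Allowlisted sources always pass; others only inside their open window."""
        return ip in ALLOWLIST or now < self.open_until.get(ip, float("-inf"))

# Constructed sample events: (seconds, source ip, destination port)
EVENTS = [
    (0.0, "203.0.113.9", 7000), (1.0, "203.0.113.9", 8000), (2.0, "203.0.113.9", 9000),
    (0.5, "192.0.2.44", 7000), (1.5, "192.0.2.44", 9000),                       # wrong order
    (3.0, "192.0.2.80", 7000), (4.0, "192.0.2.80", 8000), (20.0, "192.0.2.80", 9000),  # too slow
]

def replay(events):
    """Feed events in time order and return the resulting gate state."""
    gate = KnockGate()
    for t, ip, port in sorted(events):
        gate.knock(ip, port, t)
    return gate
```

Only the source that sent the full sequence in order and in time gets a window, and that window expires on its own; the allowlisted address never needs to knock.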