[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: On defense of the sshd crackers

NOTE: flubbed and sent the initial reply directly to T o n g.  Resending to
the list for the archives.  My apologizes to T o n g for the CC in effect if
not in name.  ;)

T o n g wrote:
> I used to turn on my sshd just in case that I need to ssh back into my
box. But recently, I noticed that whenever I turn it on, almost instantly,
there will be a cracker attempting cracking into my sshd:

    Along with all the other excellent suggestions what I do on my machines
is firewall off the port to the public interfaces via shorewall.  Then I
found a portknock daemon and got it to open up the ssh port on a
specific knock sequence.  After all that I reopened the port to any IP
address I know I or authorized people will be coming from.

    So I am not deterred by the knock daemon but if I ever need to access
the machine from an IP other than those that are normally used I know the
knock sequence, know my username, know my password and know the port will be
close in a few seconds.  :)

    So if you absolutely need remote ip access via password from an unknown
source that might be an option you'll want to look into.

Steve Lamb

Steve Lamb

Reply to: