[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SFTP question

> Strong agreement!  There are endless dictionary attacks to ssh.  This
> sometimes scares people but for no good reason.  If you have a strong
> passwords, and everyone should have either strong passwords for ssh or
> blocked passwords, then there is no danger.  There is no need to shy
> away from ssh simply because the Internet is a hostile place.

Another good tool to prevent dictionary attacks is "denyhosts". This one, 
combined with "portsentry" and "hostsentry", is working great.

An attackers ip will be automatically put into /etc/hosts.deny, and cannot ssh 
any more in, even if he has got the correct password. However, if he manages 
to brute force each try with a separate ip, then this defense will not work.



Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to: