NetBSD-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: help? fighting ssh user/password guessing attempts

Salut, Thomas,

On Wed, 15 Oct 2008 20:42:37 +0200, Thomas Feddersen wrote:
> in my /var/log/authlog I can see many hackers attempting to get
> access to my system by trying arbitrary usernames. First of all I
> have disabled password authentication so valid users can ony login
> with a key. Still I'd like to lock the respective hosts out, from
> where these attacks originate.

I have adapted the following technique:

1. enable uniquely SSH key authentication or alternatively force all
   users to have sane passwords.
2. Impose connection rate limits.
3. If an attacker is so annoying that he eats a lot of bandwidth (some
   do), block him. Otherwise, laugh at him.

I really don't see the need to do much more than that.


Attachment: signature.asc
Description: PGP signature

Home | Main Index | Thread Index | Old Index