[Catalyst] [OT] sshd (was Re: Encrypt /Decrypt URI)
Dave Rolsky
autarch at urth.org
Sat May 19 15:11:27 GMT 2007
On Sat, 19 May 2007, Daniel Hulme wrote:
> On Sat, May 19, 2007 at 12:24:07PM +0200, A. Pagaltzis wrote:
>> all you need. F.ex., it would be dumb to run sshd on a port other
>> than 22, hoping that no one finds it. But if you keep track of
>
> Not really. I run sshd on my home box on a non-default port, because I
> was fed up of worms running their dictionaries of uname/password combos
> against it, eating my bandwidth and driving my loadavg up the wall. I
> keep the box up to date, and my password is non-trivial, so it's not my
> only defence, but it makes life easier for me.
Check out fail2ban. It can be configured to block an IP with firewall
rules after it fails to log in via SSH a few times. I've installed it on my
systems and it reports banning various IPs semi-frequently, which makes me
happy since in the past they would've been trying their entire dictionary.
-dave
/*===================================================
VegGuide.Org www.BookIRead.com
Your guide to all that's veg. My book blog
===================================================*/