View Single Post
Old 14th May 2009
frijsdijk frijsdijk is offline
Real Name: Frederique Rijsdijk
New User
 
Join Date: May 2009
Location: Netherlands, The Hague
Posts: 2
Default

I see alot of ppl advising ports to combat the ssh brute force attacks. There much more simple ways:

- use /etc/hosts.allow
- if you want to have ssh open for all, use ssh-keys and empty the passwords in your master.passwd (replace hash with '*') - that makes it impossible for anyone to brute force anything, because there are no passwords.
- /etc/ssh/sshd_config gives you some options too: AllowUsers, AllowGroups, also in format like user@192.168.1.1 to allow 'user' to connect only from 192.168.1.1

Cheers!
Reply With Quote