 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
On Sun, Nov 20, 2005 at 05:44:09PM -0500, Kent Borg wrote: > On Sun, Nov 20, 2005 at 05:15:35PM -0500, David Kramer wrote: > > Is there *anything* else I can do? There's hundreds of these attempts. > > If you have good passwords, they won't get in. I get tons of attempts > most days and I don't worry about them. If you have well-secured private keys, they can't guess the password, no matter what. > If you want to slow them down I have seen suggestions to have your > iptables automatically blackhole the IP address of anyone who tries > too many times to login and fails. The blackhole expires after a time > so you don't collect a bunch of dynamic IP addresses that are later > innocent. > > https://www.redhat.com/archives/fedora-list/2005-May/msg01323.html This is also a useful step. Oh, and SSHAllowUsers -- reject idiot attempts "Admin, backup, cvs, daemon..." and just allow the four users who actually come in remotely. -dsr-
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
