Oddball SSH port
James McDonald
james at jamesmcdonald.id.au
Sat Nov 17 13:30:11 PST 2007
>
>
> But if you have any other measures to protect ssh I would certainly
> like to hear.
>
>
I have used firewall rules to say only accept ssh connections from a
list of hosts e.g. (home to work, work to home, mum's to home, brother's
to home etc). However, if you have many hosts and you want to
interconnect from all of them that becomes unmanageable.

IPTables has the connect rate limiting stuff which is great. You say I
want no more than X connects from a host on port 22 or it will be
automagically banned for Y minutes. The dictionary cracks only get X
attempts and then get locked out. Even with fumble fingers a kosher (or
halal) user will log in correctly in 2-3 attempts and never gets locked out.
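
The two measures described above (a short allowlist of known hosts, then a per-source limit on new connections to port 22), sketched as an added example that is not part of the original post. The chain name SSH_RL, the list name ssh_rl and the sample addresses are assumptions; the function only prints the iptables commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example (not from the original post). Dry run: prints the rules.
# SSH_RL (chain) and ssh_rl (recent list) are hypothetical names.

ssh_rules() {
    max_new=$1   # X: new connections allowed per source inside the window
    ban_min=$2   # Y: window / lockout length in minutes
    for n in "$max_new" "$ban_min"; do
        case $n in
            ''|*[!0-9]*) echo "X and Y must be whole numbers" >&2; return 1 ;;
        esac
    done
    shift 2      # remaining arguments: trusted source addresses

    # The recent match keeps 20 timestamps per source by default
    # (ip_pkt_list_tot), so --hitcount (X+1) must not exceed 20.
    if [ "$max_new" -lt 1 ] || [ "$max_new" -ge 20 ] || [ "$ban_min" -lt 1 ]; then
        echo "need 1 <= X <= 19 and Y >= 1" >&2
        return 1
    fi
    secs=$((ban_min * 60))

    echo "iptables -N SSH_RL"
    echo "iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j SSH_RL"
    # Known hosts are accepted before any counting happens.
    for host in "$@"; do
        echo "iptables -A SSH_RL -s $host -j ACCEPT"
    done
    # Record this attempt, then drop the source once it has made more than
    # X new connections in the trailing Y minutes.
    echo "iptables -A SSH_RL -m recent --name ssh_rl --set"
    echo "iptables -A SSH_RL -m recent --name ssh_rl --update --seconds $secs --hitcount $((max_new + 1)) -j DROP"
    echo "iptables -A SSH_RL -j ACCEPT"
}

# Constructed sample: 3 connections per 10 minutes, two documentation-range hosts.
ssh_rules 3 10 192.0.2.10 198.51.100.7
```

The limit counts new TCP connections, not password attempts, and one connection can carry several attempts (sshd's MaxAuthTries), so X should be chosen with that in mind.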