Date: Fri, 8 Oct 2004 00:43:11 -0700 From: "Benjamin P. Keating" <bkeating@gmail.com> To: Dennis Koegel <amf@hobbit.neveragain.de> Cc: Luke <luked@pobox.com> Subject: Re: Protecting SSH from brute force attacks Message-ID: <1d54d54404100800431ac55605@mail.gmail.com> In-Reply-To: <20041008072454.GB16547@neveragain.de> References: <Pine.NEB.4.60.0410071514530.27025@mx.freeshell.org> <20041008072454.GB16547@neveragain.de>
next in thread | previous in thread | raw e-mail | index | archive | help
# After 10 unauthenticated connections, refuse 30% of the new ones, and # refuse any more than 60 total. MaxStartups 10:30:60 >From an old server of mine, looks related to solutions you're seeking (but I agree with Dennis, deny PasswordAuthentication is strongest. On Fri, 8 Oct 2004 09:24:54 +0200, Dennis Koegel <amf@hobbit.neveragain.de> wrote: > Hi, > > On Thu, Oct 07, 2004 at 03:15:25PM -0700, Luke wrote: > > There are several script kiddies out there hitting my SSH server every > > day. Sometimes they attempt to brute-force their way in trying new > > logins every second or so for hours at a time. Given enough time, I fear > > they will eventually get in. > > Apart from what was already noted here it may be a good idea to not use > PasswordAuthentication at all, you can disable it in the sshd_config. > > Personally preferred solution would be public key authentication, but > there are other options as well. > > No passwords used -> no passwords can be brute-forced. > > HTH, > - D. > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1d54d54404100800431ac55605>