Date: Tue, 9 May 2006 10:26:37 -0500
From: Dan Nelson <dnelson@allantgroup.com>
To: jad@nominet.org.uk
Cc: "M. Goodell" <freebsdutah@yahoo.com>, FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: System Intrustion Detection
Message-ID: <20060509152637.GB42081@dan.emsphone.com>
In-Reply-To: <OFC9ACE9E6.6E9E5938-ON80257169.00520F5C-80257169.0053A311@nominet.org.uk>
References: <20060509145403.71699.qmail@web32413.mail.mud.yahoo.com> <OFC9ACE9E6.6E9E5938-ON80257169.00520F5C-80257169.0053A311@nominet.org.uk>

In the last episode (May 09), jad@nominet.org.uk said:
> I would suggest using ssh with RSA key pairs and passphrases only.
> Don't allow password based login or root login over ssh. Only allow
> root to login using the console and use sudo for all admin tasks.
>
> I have not tried this myself but you could use tcpwrappers and write
> a script to add the IP address from repeated failed messages to the
> hosts.deny file. There are various scripts already written to do
> this. A quick Google search found this
> http://security.linux.com/article.pl?sid=05/09/15/1655234 (it's about
> Linux but I am sure the same approach applies to FreeBSD.)

Some more links on securing ssh from password attacks:

http://la-samhna.de/library/brutessh.html
http://bsdwiki.com/wiki/Blocking_repeated_failed_login_attempts_via_SSH

-- 
	Dan Nelson
	dnelson@allantgroup.com
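
A sketch of the hosts.deny approach discussed in this thread, added here as an example and not taken from either poster or from the linked scripts. It assumes OpenSSH's "Failed password ... from ADDR port N ssh2" syslog line; the threshold, the allowlisted network and every function name are hypothetical, and it goes slightly beyond the thread by handling IPv6 and an allowlist.

```python
import ipaddress
import re
from collections import Counter

# Anchored at end of line with a greedy user field: only the final
# "from <addr> port <n> ssh2", written by sshd itself, names the source, so
# text inside an attempted username cannot choose which address is counted.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?.*"
                    r" from (?P<ip>\S+) port \d+ ssh2$")
THRESHOLD = 3                                       # assumed policy value
ALLOWLIST = [ipaddress.ip_network("192.0.2.0/24")]  # assumed admin network

def failed_sources(lines):
    counts = Counter()  # validated source address -> failed attempts
    for line in lines:
        m = FAILED.search(line.rstrip())
        if m is None:
            continue
        try:
            counts[ipaddress.ip_address(m.group("ip"))] += 1
        except ValueError:  # not a literal address: never write it to the file
            continue
    return counts

def deny_entries(lines, existing=()):
    already = set(existing)  # lines already present in hosts.deny
    entries = []
    for ip, n in sorted(failed_sources(lines).items(), key=lambda kv: str(kv[0])):
        if n < THRESHOLD or any(ip in net for net in ALLOWLIST):
            continue  # too few failures, or an address that must stay reachable
        host = f"[{ip}]" if ip.version == 6 else str(ip)  # IPv6 needs brackets
        entry = f"sshd: {host}"
        if entry not in already:
            entries.append(entry)
    return entries

# Constructed sample log lines (documentation address ranges).
PFX = "May  9 10:00:01 host sshd[101]: "
SAMPLE = (
    [PFX + "Failed password for root from 203.0.113.5 port 4001 ssh2"] * 3
    + [PFX + "Failed password for dan from 192.0.2.10 port 5001 ssh2"] * 3
    + [PFX + "Failed password for invalid user x from 198.51.100.99 port 1 ssh2"
             " from 198.51.100.7 port 6001 ssh2"] * 3
    + [PFX + "Accepted publickey for dan from 192.0.2.10 port 5002 ssh2"]
)

if __name__ == "__main__":
    print("\n".join(deny_entries(SAMPLE)))
```

The allowlist keeps an administrator's own mistyped passwords from locking out the network they manage the host from.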