OT: Security....

Stewart Nelson sn at scgroup.com
Thu Oct 28 10:13:05 UTC 2004


> I do see more brute force attempts @ ssh these days and start wondering
> how much longer some script kiddie needs to make the algorithm a bit more
> clever (and eg attack user names on certain hosts which are likely to
> exist. This could be harvested eg from email addresses...).

> I have hacked a script which tails /var/log/secure and reacts on attempts
> to log in as root with password. Such offending IPs are then denied port
> 22 access. Any comments, positive or negative, on this?

IMO:

Don't use port 22.  Choose a 'random' high port.  If that won't work
for you, e.g. you need access to your machine from behind a customer's
firewall that blocks most outgoing ports, use some other port that
they do allow and is not commonly scanned.

Disable password authentication and use RSA, unless you really need to
access your fedora from a system not known in advance.  Think twice
about that; the system could have a keystroke logger, etc.

If you only need SSH access from specific locations, allow only
specific IPs (or if dynamic, small IP ranges) to connect.

Of course, promptly install any security patches for SSH.

I see no problem with your automatic blocking, as long as a
valid user will not accidentally trigger it.  For example, if
you normally log in as root using RSA, and RSA authentication
fails because of a transient technical problem, then the client
might default to password authentication and trigger your
block.  That should not be a problem, if the account you connect
to is not named 'root'.

--Stewart
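A defender-side sketch of the log-tailing block the thread describes, with the allowlist that avoids the lock-out caveat Stewart raises (a trusted client falling back to password auth). This is an added example, not the original poster's script; the /var/log/secure line format, the IPs and the allowlist range are constructed assumptions.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Matches the "Failed password" lines sshd writes to /var/log/secure
# (format assumed here; the constructed sample below is what it is tested against).
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?:::ffff:)?(?P<ip>[\d.]+) port \d+"
)

# Constructed sample log lines, not captured from a real host.
SAMPLE_LOG = """\
Oct 28 09:01:02 host sshd[1201]: Failed password for root from 198.51.100.7 port 41022 ssh2
Oct 28 09:01:05 host sshd[1203]: Failed password for root from 198.51.100.7 port 41031 ssh2
Oct 28 09:01:09 host sshd[1205]: Failed password for invalid user admin from 198.51.100.7 port 41040 ssh2
Oct 28 09:02:00 host sshd[1210]: Failed password for root from 192.0.2.10 port 50100 ssh2
Oct 28 09:02:01 host sshd[1211]: Accepted publickey for stewart from 192.0.2.10 port 50101 ssh2
Oct 28 09:03:00 host sshd[1220]: Failed password for alice from 203.0.113.5 port 33000 ssh2
"""

# Sources the admin connects from; never block these (assumed value).
ALLOWLIST = [ip_network("192.0.2.0/24")]

def root_password_failures(log_text):
    """Count root password failures per source IP; failures for other accounts are ignored."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m and m.group("user") == "root":
            counts[m.group("ip")] += 1
    return counts

def ips_to_block(log_text, threshold=1, allowlist=ALLOWLIST):
    """Return sorted IPs to deny on the SSH port, skipping allowlisted sources so a
    trusted client that falls back to password authentication never locks itself out."""
    blocked = []
    for ip, n in root_password_failures(log_text).items():
        addr = ip_address(ip)
        if n >= threshold and not any(addr in net for net in allowlist):
            blocked.append(ip)
    return sorted(blocked)

def iptables_rules(ips, port=22):
    """Render the DROP rules the script's reaction step would add (iptables syntax of the era)."""
    return [f"iptables -I INPUT -s {ip} -p tcp --dport {port} -j DROP" for ip in ips]

if __name__ == "__main__":
    for rule in iptables_rules(ips_to_block(SAMPLE_LOG)):
        print(rule)
```

Raising `threshold` above 1 turns a single stray password prompt into a non-event, which is the other way to keep a valid user from tripping the block.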




More information about the fedora-list mailing list