Questions concerning Security Log
Brian Gaynor
briang at pmccorp.com
Sun Apr 10 00:13:34 UTC 2005
> -----Original Message-----
> I will agree that for a script kiddy this will work, but for someone who is
> really trying to get in they will figure this out in a short time and then
> you are no longer protected. The best bet is to move to an unknown port.

I would disagree a bit. Denying access after a small number of unsuccessful
logons effectively reduces the bandwidth of anyone attempting a brute force
attack, script kiddie or pro. Changing ports may hide you from script
kiddies but not from a pro.

In addition, with the need to support users of various skill levels and
additional services that may rely on SSH (SFTP, SVN), changing ports becomes a
support mess.

Probably the most secure is to use certificates, but this can be a headache
if you have lots of users.

Brian
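
The lockout argument in the message above, as an added example that is not part of the original post: it replays sshd log lines and counts how many guesses a source loses once it is denied after a few failures. The log lines are constructed, the "Failed password" line format is the usual OpenSSH syslog one, and the function name `apply_lockout`, the thresholds and the year are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the usual OpenSSH syslog format (not from the thread).
SAMPLE_LOG = """\
Apr 10 00:01:02 host sshd[2101]: Failed password for root from 192.0.2.10 port 40001 ssh2
Apr 10 00:01:04 host sshd[2102]: Failed password for invalid user admin from 192.0.2.10 port 40002 ssh2
Apr 10 00:01:07 host sshd[2103]: Failed password for root from 192.0.2.10 port 40003 ssh2
Apr 10 00:01:09 host sshd[2104]: Failed password for root from 192.0.2.10 port 40004 ssh2
Apr 10 00:02:00 host sshd[2110]: Failed password for brian from 198.51.100.7 port 51000 ssh2
Apr 10 00:02:20 host sshd[2111]: Accepted password for brian from 198.51.100.7 port 51001 ssh2
Apr 10 00:20:00 host sshd[2120]: Failed password for root from 192.0.2.10 port 40005 ssh2
""".splitlines()

FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

def apply_lockout(lines, max_failures=3, window=timedelta(minutes=10),
                  block_for=timedelta(hours=1), year=2005):
    """Replay log lines; return {ip: {"blocked_at": datetime, "rejected": int}}."""
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    blocked = {}                  # ip -> time the block expires
    report = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and other messages are ignored
        # Syslog timestamps carry no year, so one is assumed.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in blocked and ts < blocked[ip]:
            report[ip]["rejected"] += 1   # this guess would never have reached sshd
            continue
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:   # forget failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            blocked[ip] = ts + block_for
            report[ip] = {"blocked_at": ts, "rejected": 0}
            q.clear()
    return report
```

With the sample lines, one mistyped password from 198.51.100.7 never reaches the threshold, while 192.0.2.10 is denied after its third failure and its later guesses are counted as rejected.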