ssh security
Florin Andrei
florin at andrei.myip.org
Wed Jan 4 19:03:38 UTC 2006
On Tue, 2006-01-03 at 18:47 -0600, Jeff Vian wrote:
> I acknowledge the flaws, but it is better than leaving ssh open for
> repeated attempts by the script kiddies.

It is not the only solution to the brute force SSH attacks, it's a
solution with major flaws, and there are other solutions without
significant flaws.

Moving the SSH port number plus an iptables-based rate limiter should be
just as effective without the drawback of revealing account names.

Seriously, it's a basic computer security law. The external behavior of
the system should not depend in any way on the account name being
probed.

--
Florin Andrei
http://florin.myip.org/
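
An added example, not part of the original message: one way to write the port move plus iptables rate limiter described above, using the `recent` match. The port 2222, the limit of 4 new connections per 60 seconds, the list name `ssh_new` and the function name are assumptions; the message gives no values.

```shell
#!/bin/sh
# Emit an iptables-restore fragment that rate-limits NEW connections to a
# non-default SSH port. The limiter keys on source address only and never
# sees a username, so its behaviour is the same for every account probed.
# Assumed defaults (not from the message): port 2222, 4 hits, 60 seconds.
ssh_ratelimit_rules() {
    port=${1:-2222} hits=${2:-4} secs=${3:-60}
    for v in "$port" "$hits" "$secs"; do
        case $v in
            ''|*[!0-9]*) echo "not a number: $v" >&2; return 2 ;;
        esac
    done
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
        echo "port out of range: $port" >&2; return 2; }
    # The recent match remembers 20 packets per address by default
    # (ip_pkt_list_tot), so a larger hitcount is rejected by the kernel.
    [ "$hits" -ge 1 ] && [ "$hits" -le 20 ] || {
        echo "hitcount must be 1..20: $hits" >&2; return 2; }
    [ "$secs" -ge 1 ] || { echo "seconds must be >= 1" >&2; return 2; }

    # Rule 1 records the source of every new connection.
    # Rule 2 drops it once that source has $hits entries inside $secs;
    #        --update also refreshes the timestamp, so a source that keeps
    #        trying stays blocked until it is quiet for $secs.
    # Rule 3 accepts everything else for the port, including packets of
    #        sessions that are already established.
    cat <<EOF
*filter
-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -m recent --name ssh_new --set
-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -m recent --name ssh_new --update --seconds $secs --hitcount $hits -j DROP
-A INPUT -p tcp --dport $port -j ACCEPT
COMMIT
EOF
}

# Print the rules. To check them without loading, pipe the output to
#   iptables-restore --noflush --test
# sshd must listen on the same port ("Port" in sshd_config).
ssh_ratelimit_rules "$@"
```

With the assumed defaults, a source gets three new connections per minute and the fourth is dropped, whatever account name it was trying.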
More information about the fedora-list
mailing list