ssh security

Florin Andrei florin at andrei.myip.org
Wed Jan 4 19:03:38 UTC 2006


On Tue, 2006-01-03 at 18:47 -0600, Jeff Vian wrote:

> I acknowledge the flaws, but it is better than leaving ssh open for
> repeated attempts by the script kiddies.

It is not the only solution to the brute force SSH attacks, it's a
solution with major flaws, and there are other solutions without
significant flaws.

Moving the SSH port number plus an iptables-based rate limiter should be
just as effective without the drawback of revealing account names.

Seriously, it's a basic computer security law. The external behavior of
the system should not depend in any way on the account name being
probed.

-- 
Florin Andrei

http://florin.myip.org/
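
Added example, not part of the original post: one way to write the iptables rate limiter mentioned above, as a shell function that prints an `iptables-restore` ruleset. Port 2222, the chain name `SSH_LIMIT`, the list name `ssh` and the 60-second/4-connection threshold are assumptions; the rules match only on source address and connection state, so the response is the same whatever account name is tried.

```shell
#!/bin/sh
# Added example: per-source-IP rate limit for NEW connections to a moved
# sshd port, using the iptables "recent" match. Chain name, list name and
# the sample numbers are assumptions, not values from the original post.

# ssh_ratelimit_rules PORT WINDOW_SECONDS HITCOUNT
# Prints an iptables-restore ruleset on stdout; returns 1 on bad arguments.
ssh_ratelimit_rules() {
    port=$1 window=$2 hits=$3
    # Accept only positive decimal integers, so nothing else can end up
    # inside the generated rules.
    for v in "$port" "$window" "$hits"; do
        case $v in
            ''|*[!0-9]*|0*) return 1 ;;
        esac
    done
    [ "$port" -le 65535 ] || return 1

    # Rule 1 sends every NEW connection to the port through SSH_LIMIT.
    # Rule 2 records the source address and the time of the attempt.
    # Rule 3 drops the packet once that address has made HITCOUNT new
    #        connections within WINDOW seconds.
    # Anything else falls off the end of the chain and returns to INPUT,
    # where the existing rules decide. No rule looks at the payload, so
    # valid and invalid account names are treated identically.
    cat <<EOF
*filter
:SSH_LIMIT - [0:0]
-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j SSH_LIMIT
-A SSH_LIMIT -m recent --name ssh --set
-A SSH_LIMIT -m recent --name ssh --update --seconds $window --hitcount $hits -j DROP
COMMIT
EOF
}

# Typical use, as root, after reviewing the output:
#   ssh_ratelimit_rules 2222 60 4 | iptables-restore --noflush
# The jump is appended to INPUT, so it has to end up ahead of any rule
# that already accepts the port.
```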



