Passing password in ssh

John Summerfield debian at herakles.homelinux.org
Thu Jan 24 13:59:20 UTC 2008


Tim wrote:
> On Thu, 2008-01-24 at 22:11 +0900, John Summerfield wrote:
>> -A INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW -m limit --limit 5/hour -j LOG --log-prefix "SSH connexion "
>> -A INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW -m limit --limit 5/hour -j ACCEPT
>> -A INPUT -i eth0 -p tcp -m tcp --dport 22 -j LOG --log-prefix "SSH connexion attack dropped "
>> -A INPUT -i eth0 -p tcp -m tcp --dport 22 -j DROP 
> 
> But five naughty attempts during an hour that you were wanting to
> connect, and you've been DoSed...  Unless other rules, such as:

I'm aware of that; however, I'm not protecting high-value assets.
> 
>> Note too that this is my second access control; I run shorewall on
>> the Internet gateway, and that blocks great gobs of people who've
>> offended me.
> 
> Ensure that doesn't happen.
> 

Perhaps I shouldn't mention that I principally connect via a VPN.

-- 

Cheers
John

-- spambait
1aaaaaaa at coco.merseine.nu  Z1aaaaaaa at coco.merseine.nu
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

You cannot reply off-list:-)




More information about the fedora-list mailing list