annoying brute force attack attempt using ssh
Wolfgang S. Rupprecht
wolfgang.rupprecht+gnus200805 at gmail.com
Thu May 15 21:41:00 UTC 2008
"jeff emminger" <jemminger at gmail.com> writes:
> isn't password authentication insecure? why not set
> "PasswordAuthentication no" and use ssh keys, and maybe port-knocking
> too
My feeling exactly. You have no control over how stupid a password
users will pick. The only control you have is to not allow passwords
in the first place and insist on at least a 1k-bit (hopefully random)
key.
The "recent" iptables module takes care of the cpu loading and much of
the network loading caused by the ssh guessing attacks.
-wolfgang
--
Wolfgang S. Rupprecht http://www.wsrcc.com/wolfgang/
More information about the fedora-list
mailing list