Joop Beris wrote:
On Saturday 03 October 2009 17:16:09 Per Jessen wrote:
I've just remembered the only drawback - using rsync, scp and others who use ssh under the covers does become a little tiresome, but I think both rsync and scp have environment variables that'll set a usable default so you don't have to specify the new port all the time.
Fail2ban is your friend: http://www.fail2ban.org/wiki/index.php/Main_Page
IMHO, that solution is much easier implemented with three iptables rules or by using the standard openSUSE firewwall as described by Andreas Jaeger. Besides, fail2ban suffers from the same weakness that this attack was clearly designed to abuse.
I use it to protect my home server against SSH and Apache attacks. Works like a charm and I don't have to use the "security through obscurity" approach by running my ssh daemon on a different port. Sure, it will stop scripted attacks, but it breaks rsync et al.
See other postings in this thread - rsync, scp et al is not a problem, you can configure the port on a host-by-host basis in /etc/ssh/ssh_config. Works very well. /Per -- Per Jessen, Zürich (16.2°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org