David C. Rankin wrote:
James Knott wrote:
David C. Rankin wrote:
Listmates,
Moving ssh to a high port has been a resounding success at completely eliminating the dictionary attacks against my server. And so far, I have not had one single instance since making the change. I don't have any great statistics, but I do have one that shows the impact very clearly. The number of log entries per 24 hour period before and after.
One thing you can do, to stop dictionary attacks, is use a key, rather than password for access. No amount of password guessing will get through if no passwords are accepted.
That seems like it is next up on my learning agenda. I already use ssh-key authentication, I guess I just need to turn password checking off.
Quite so. If you already use a key, then passwords are superfluous and give crackers an access point. Incidentally, with Linux, you don't even have to leave the key on the computer. Just save it on a USB pen drive and symlink to it. That way, no pen drive, no way to access your system via ssh. -- Use OpenOffice.org <http://www.openoffice.org> -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org