Louis Richards wrote:
On Tuesday 08 November 2005 10:40 am, Ulf Rasch wrote:
If you refer to the thread "[SLE] stopping dictionary attacks on sshd", look at the post from Kevin at 15:19 today. There is nothing more to add. This "coolsolution" or changing the port number sshd will listen on only helps you in that these attacks don't fill your logs.
Adding a host to the /etc/hosts.deny file does much more than prevent my logs from filling up. It's not filling my logs because the offending host is no longer accessing my server.
How many hosts will that script put into your hosts.deny until you give up and try a more secure way? 10, 100, 1000? With password authentication you still give every host which is not in your blacklist x tries. With publickey authentication they can try forever. They would need your key and its password and not a dictionary to break into your box through ssh. (given that there are security issues with ssh of course)

Given that you have set up your system for publickey authentication and disabled passwords, there would be no need to put this script on your server.

Ulf
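The point made in the reply above, as an added example that is not part of the original thread: a small audit of sshd_config text that reports which settings still leave a dictionary attack something to guess. The function names and the three sample configurations are constructed for illustration; the keywords, their defaults and the first-value-wins rule are those documented in sshd_config(5).

```python
# Added example (not from the thread): find password-guessable login paths
# in sshd_config text. Keyword names and defaults follow sshd_config(5).
DEFAULTS = {"passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes",
            "pubkeyauthentication": "yes"}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
GUESSABLE = ("passwordauthentication", "kbdinteractiveauthentication")

def parse(text):
    """Return (global settings, Match blocks); first value per keyword wins."""
    global_cfg, matches, current = {}, [], None
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].strip().replace("=", " ", 1).split(None, 1)
        if len(parts) < 2:
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":               # settings below apply conditionally
            current = {}
            matches.append((parts[1].strip(), current))
            continue
        target = global_cfg if current is None else current
        target.setdefault(key, parts[1].strip().lower())
    return global_cfg, matches

def audit(text):
    """List settings that still give a dictionary attack something to guess."""
    cfg, matches = parse(text)
    effective = {**DEFAULTS, **cfg}
    findings = [f"{key} is enabled" for key in GUESSABLE
                if effective[key] != "no"]
    if effective["pubkeyauthentication"] != "yes":
        findings.append("pubkeyauthentication is disabled")
    for criteria, block in matches:
        findings += [f"Match {criteria} enables {key}" for key in GUESSABLE
                     if block.get(key, "no") != "no"]
    return findings

# Constructed sample configurations, not taken from any real host.
PORT_MOVED_ONLY = "Port 2222\nPubkeyAuthentication yes\n"
KEYS_ONLY = """PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
PasswordAuthentication yes   # ignored by sshd: an earlier value is already set
"""
KEYS_WITH_EXCEPTION = KEYS_ONLY + "Match Address 192.0.2.0/24\n    PasswordAuthentication yes\n"

if __name__ == "__main__":
    for name in ("PORT_MOVED_ONLY", "KEYS_ONLY", "KEYS_WITH_EXCEPTION"):
        print(name, audit(globals()[name]))
```

An empty list means only key-based logins remain; the running daemon's effective values can be compared against this with `sshd -T`.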