brute force ssh attempt mitigation



I was reading through the Logwatch emails this morning (I know, I
know, nobody is supposed to actually _read_ that stuff :D ), and I
noticed ssh brute force attempts on just about every machine. I
thought it'd be worth getting some discussion going regarding
mitigating that. One example:

...[snip]...
 Illegal users from:
   71.43.151.229 (rrcs-71-43-151-229.se.biz.rr.com): 423 times
...[snip]...

I don't know what (or if) any discussion has happened in the past
regarding this issue, but I always try to use denyhosts (or similar)
on my public-facing machines. Is this something that we want to look
into? Has it been discussed before? Pros? Cons?

If the team is open to the idea I'd be happy to put it on my list.

-- 
Christer Edwards

