brute force ssh attempt mitigation

I was reading through the Logwatch emails this morning (I know, I
know, nobody is supposed to actually _read_ that stuff :D ), and I
noticed ssh brute force attempts on just about every machine. I
thought it'd be worth getting some discussion going regarding
mitigating that. One example:

 Illegal users from: ( 423 times

I don't know what (or if) any discussion has happened in the past
regarding this issue, but I always try to use denyhosts (or similar)
on my public-facing machines. Is this something that we want to look
into? Has it been discussed before? Pros? Cons?

If the team is open to the idea I'd be happy to put it on my list.

Christer Edwards

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]