Re: Repeated attacks via SSH
At 04:12 PM 10/2/2005, Daniel Gerzo wrote:
>Very nice is to use AllowUsers in the form of user@host.
If you can get away with it, absolutely. Same with the RSA keys.
Of course, the problem is that if you need to get access in an
emergency from who-knows-where, you're pretty much stuck with
passwords unless you have a token system or a one-time password
system (e.g. S/Key). (Which reminds me: Anyone have a good S/Key
implementation for the Palm Pilot?)
>> We also have a log monitor
>> that watches the logs (/var/log/auth.log in particular) and
>> blackholes hosts that seem to be trying to break in via SSH.
>
>I wrote a similar script. It's also in ports under
>security/bruteforceblocker
The system we're using is the general purpose log monitor I
described at BSDCon in San Francisco. It's written in SNOBOL4
and has nice features like amnesty and rate limiting.
--Brett
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
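
The kind of auth.log monitor discussed in this message, sketched as an added example (not Brett's SNOBOL4 monitor and not security/bruteforceblocker). It assumes "rate limiting" means a failure threshold inside a time window and "amnesty" means a block that expires; the thresholds, the replay() name and the sample lines are constructed, and it only records block/unblock decisions rather than touching a firewall.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values; the post gives none.
MAX_FAILS = 3                    # failures tolerated inside WINDOW
WINDOW = timedelta(minutes=1)    # rate-limit window
AMNESTY = timedelta(minutes=10)  # how long a blackhole lasts

# The user name is remote-supplied text, so match it greedily and anchor at
# the end of the line: the address taken is the one sshd itself wrote last.
FAIL_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?:Failed password for|Invalid user|Illegal user) .*"
    r" from (\S+)(?: port \d+ ssh2)?$")

# Constructed sample lines (documentation addresses), not real logs.
SAMPLE = """\
Oct  2 16:01:03 gw sshd[411]: Failed password for root from 192.0.2.10 port 4101 ssh2
Oct  2 16:01:05 gw sshd[412]: Illegal user x from 203.0.113.5 from 192.0.2.10
Oct  2 16:01:07 gw sshd[413]: Failed password for illegal user test from 192.0.2.10 port 4103 ssh2
Oct  2 16:01:09 gw sshd[414]: Accepted publickey for alice from 198.51.100.7 port 5000 ssh2
Oct  2 16:05:00 gw sshd[415]: Failed password for admin from 198.51.100.7 port 5001 ssh2
Oct  2 16:12:00 gw sshd[416]: Failed password for admin from 198.51.100.7 port 5002 ssh2
""".splitlines()

def replay(lines, year=2005):
    """Replay log lines; return (events, still_blocked)."""
    recent = defaultdict(deque)   # host -> timestamps of recent failures
    blocked = {}                  # host -> time the block expires
    events = []                   # (time, "block" | "unblock", host)
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        host = m.group(2)
        for h in [h for h, until in blocked.items() if until <= ts]:
            events.append((blocked.pop(h), "unblock", h))   # amnesty
        if host in blocked:
            continue
        q = recent[host]
        q.append(ts)
        while ts - q[0] > WINDOW:  # drop failures outside the window
            q.popleft()
        if len(q) >= MAX_FAILS:
            blocked[host] = ts + AMNESTY
            q.clear()
            events.append((ts, "block", host))
    return events, blocked
```

Calling replay(SAMPLE) blocks 192.0.2.10 after its third failure and lifts the block ten minutes later; 198.51.100.7, with two failures seven minutes apart, is never blocked.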