[colug-432] SSH

Richard Hornsby richardjhornsby at gmail.com
Wed Mar 9 22:32:26 EST 2011


> 
> I had to change the SSH port on my publicly facing machines because I
> was getting hammered by script kiddies trying every weak password in
> the book.  They might have never gotten in, but I didn't want to take
> that chance.  Annoying.  So now I have to specify my non-standard
> port.  I hate it.  There are other ways to defend.  I may use one or
> more of them in the future (eg: maybe port knocking).

I thought there was a way to increasingly slow down multiple failed attempts from the same connection, but I'm not seeing it in the sshd_config manpage.  Maybe xinetd could possibly do this?  Even small delays can help make it not worth it.

-rj


More information about the colug-432 mailing list