Yes, currently I disable root, disable password, (only allow keys). The one idea I had as a last resort was to change the port from 22. Doing this would require all users to update their client side. I was hoping to make a change on the server, some software that could help protect ssh.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Howard Chu Sent: Sunday, February 17, 2008 7:08 PM To: cygwin@cygwin.com Subject: Re: Stop Brute Force Attack on SSH Kyle Dawson wrote: > How can I stop attacks on my ssh demon? I see thousands of attempts every > day. I have, I believe good password policy but since I have clients, not > 100% sure. Is there some config that I can set? One ip address comes in > and tries for a day or so. Can it see that it is the same ip and just > deny? Any tools that can help? I see the same thing once in a while. I've wanted an option for this as well. Sometimes I black-hole the offending IP address so I don't have to see the failures in the log files any more. In the meantime, I just disable password-based logins, and require everyone to use a public key. -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/ -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/ -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
