04-09-2007, John Kelly: > On Sep 3, Lars Wirzenius wrote: > >>ti, 2007-09-04 kello 10:17 +0900, Miles Bader kirjoitti: > >>> If the system is excessively anal about what passwords it will let you >>> use, people will just start writing them down... > >>That is arguably better than having passwords which can be guessed by >>doing brute-force attackes over ssh. > > I stop brute force attacks by sending auth log messages to a FIFO which I > read with a perl script. After 10 login failures, your IP is firewalled for > 24 hours.
What about having more secure Debian's sshd_config by default? " PermitRootLogin no DenyUsers * " to start with. Also i would really love to have sshd rc script being able to load different configs easily. I have dummy sshd on 22 port and one actual door on another. Having more dummy services else where, is more "security by obscurity". Not 100% protection, but something. ____ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
