Do you require password authentication or can you require only key access? Disabling password authentication prevents the dictionary and other brute force password attempts.
You might also consider setting up a couple of jump boxes and then use ipfilter or external firewall to only allow ssh traffic from those jump boxes. If you go this route remember to use proxycommand to relay the connection and not to store any keys on the jump box. Greg Sent from my HTC One on the Verizon Wireless 4G LTE network ----- Reply message ----- From: "Stefan Müller-Wilken" <[email protected]> To: "[email protected]" <[email protected]> Subject: [OpenIndiana-discuss] denyhosts IPS package? Date: Wed, Jan 15, 2014 5:54 AM Hi there, is there a denyhosts package available? I'd like to more effectively ban dictionary attackers from my systems and looking at https://www.illumos.org/issues/228#note-8 a package was at least in discussion. @Ken: can you comment on this? Cheers Stefan. ________________________________ Acando GmbH, Millerntorplatz 1, 20359 Hamburg, Germany | Geschäftsführer: Guido Ahle | Amtsgericht Hamburg, HRB 76048 | Ust.Ident-Nr.:DE208833022 _______________________________________________ OpenIndiana-discuss mailing list [email protected] http://openindiana.org/mailman/listinfo/openindiana-discuss _______________________________________________ OpenIndiana-discuss mailing list [email protected] http://openindiana.org/mailman/listinfo/openindiana-discuss
