ssh brute force attacks

3214 Brendon Caligari machine. and

Tell me about it.. all day, all night.. Oh well..

I've done a number of things, and there are several articles on my site that talk about it: by Jon Scully ssh access" keys" (uses the pamtime.so as an example to restrict ssh to certain times of the day)

You might consider using the black-listing module described at .

I feel that multiple layers of defense are the way to go. For example, I shut off ssh at my router when I'm done for the day and know I don't need to get back in. I also do the same thing in iptables just in case, and have the pamtime.so kicking in, AND am doing the other things like not allowing passwords, but still have the lockout modules in there too. It's all overkill, of course, but since you never know when part of something may accidentally or forgetfully get turned on, or when a certain tool gets hacked, I just feel better with overlapping and multiple layers.

So .. when you hit my machine after I've gone home, the firewall isn't going to pass port 22. If for some reason it does, iptables is going to block you. If that fails, you aren't supposed to be logging in with passwords, but if that has failed, you aren't allowed to log in at that time anyway, and should THAT fail, you get two chances to guess a password and then you are locked out until it resets pamtally in the morning. And then I review the logs and if I see you've been banging away, you get added to special blacklists..

And with all that, do I feel safe? Heck no.. but at least I'm safer. Or think I am anyway - though the sad fact is that if somebody has reason to really want you, they can probably get you sooner or later, no matter what. That's just reality, so you have to prepare for that kind of disaster too.. just in case.

-- Tony Lawrence
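The last layer in the post, reviewing the logs and blacklisting sources that keep hammering away, can be sketched as below. This is an added example, not code from the original post: the log lines are constructed, and `blacklist_candidates` and its threshold are hypothetical names and values.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in the usual OpenSSH syslog layout (not from the post).
SAMPLE_LOG = """\
Mar 19 02:11:01 host sshd[4101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar 19 02:11:03 host sshd[4101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar 19 02:11:11 host sshd[4105]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
Mar 19 08:30:15 host sshd[5200]: Failed password for tony from 198.51.100.20 port 51000 ssh2
Mar 19 08:30:22 host sshd[5200]: Accepted publickey for tony from 198.51.100.20 port 51000 ssh2
Mar 19 09:02:40 host sshd[5300]: Failed password for invalid user test from 192.0.2.55 port 33010 ssh2
Mar 19 09:02:44 host sshd[5300]: Failed password for invalid user x from 198.51.100.20 port 22 ssh2 from 192.0.2.55 port 33012 ssh2
"""

# The user name is attacker-controlled and may itself contain " from <ip> port ...",
# so the greedy (.*) plus the end-of-line anchor take the LAST "from <ip>" as the source.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(.*) from (\S+) port \d+(?: ssh\d)?\s*$")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for \S+ from (\S+) port \d+")

def blacklist_candidates(log_text, threshold=3):
    """Return [(ip, failures, users_tried)] for sources worth adding to a blacklist."""
    failures, users, succeeded = defaultdict(int), defaultdict(set), set()
    for line in log_text.splitlines():
        failed, accepted = FAILED.search(line), ACCEPTED.search(line)
        if failed:
            user, ip = failed.groups()
            try:
                ipaddress.ip_address(ip)      # skip anything that is not a real address
            except ValueError:
                continue
            failures[ip] += 1
            users[ip].add(user)
        elif accepted:
            succeeded.add(accepted.group(1))  # source also logged in; review by hand, no auto-ban
    hits = [(ip, n, sorted(users[ip])) for ip, n in failures.items()
            if n >= threshold and ip not in succeeded]
    return sorted(hits, key=lambda h: -h[1])

if __name__ == "__main__":
    for ip, n, tried in blacklist_candidates(SAMPLE_LOG):
        print(f"{ip}\t{n} failures\tusers: {', '.join(tried)}")
```

The last sample line shows why the pattern is anchored: a user name crafted to look like a log field would otherwise put someone else's address on the blacklist.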