FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 01-28-2009, 03:30 PM
Kevin Philp
 
Default ssh howto for debian?

Raquel wrote:

On Wed, 28 Jan 2009 15:00:37 +0000
Kevin Philp <kevin@cybercolloids.net> wrote:



A good package to install, to help with the brute force attacks is
fail2ban.



Even easier and better add the following to your iptables firewall.
This monitors your connections to the ssh port and drops the
connection if they try more than 4 connections in 10 minutes. I
have been using this for a while - works a treat.



"Easier and better" depends on a lot of factors, including a person's
desire to edit, directly, their iptables files. Some use Shorewall
(for which there are other solutions) or another firewall creation
tool. For me, I appreciated the solutions found in fail2ban.



100% agree with you - guess I shouldn't type in a hurry. I have used it
and it worked just fine. I switched to the iptables solution because we
were developing our own firewall script at the time and it made sense to
incorporate it and have one less security package to configure and worry
about. What I liked about the iptables solution was that it cut off the
hacker after a predetermined number of attempts rather than letting the
attacks mount and then then pick it up from a log-file scan. However
fail2ban can also block at the tcpwrappers level so is a bit more
flexible on how it blocks.


For those interested another popular script is at:
http://denyhosts.sourceforge.net/




--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 01-28-2009, 07:39 PM
Daniel Dalton
 
Default ssh howto for debian?

Hi,

Thanks very much to everyone that replied to my ssh question.

That's some good information, and I'll go off and do my research.

Thanks very much, it's greatly appreciated.

Cheers,

Daniel.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 

Thread Tools




All times are GMT. The time now is 07:44 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org