Re: [opensuse] dictionary attacks

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

joe wrote:

joe wrote:
Richard Creighton wrote:

I prefer a more simple approach. Rather than adding more firewall rules, I set
the sshd allowed_users parameter to the 2 accounts that actually have a
reason to log in, and I also limit the IP addresses which will accept an ssh
connection using tcp wrappers (hosts.allow, hosts.deny).

typo/thinko - I meant, limit the addresses *from* which it will accept an ssh
connection using tcp wrappers. Also, as one poster mentioned, using keys
instead of passwords is another handy ssh trick, along with reducing the max
failed attempts and grace period for ssh logins.

Joe

A small point, for small setups the pam_access.so module is probably
simpler to use than tcp wrappers. (but of course this depends on ones
definition of simple :-) ).

- --
==============================================================================
I have always wished that my computer would be as easy to use as my
telephone.
My wish has come true. I no longer know how to use my telephone.

Bjarne Stroustrup
==============================================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFGm6jGasN0sSnLmgIRAlBNAJ4zzkdiKfhl1ebN6rTJYrcsqdElSwCeNoJl
+Q8P2oajTRx6FwLykjtMcek=
=aB/l
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx