Protecting SSH from brute force attacks
Benjamin P. Keating
bkeating at gmail.com
Fri Oct 8 00:43:15 PDT 2004
# After 10 unauthenticated connections, refuse 30% of the new ones, and
# refuse any more than 60 total.
MaxStartups 10:30:60
>From an old server of mine, looks related to solutions you're seeking
(but I agree with Dennis, deny PasswordAuthentication is strongest.
On Fri, 8 Oct 2004 09:24:54 +0200, Dennis Koegel
<amf at hobbit.neveragain.de> wrote:
> Hi,
>
> On Thu, Oct 07, 2004 at 03:15:25PM -0700, Luke wrote:
> > There are several script kiddies out there hitting my SSH server every
> > day. Sometimes they attempt to brute-force their way in trying new
> > logins every second or so for hours at a time. Given enough time, I fear
> > they will eventually get in.
>
> Apart from what was already noted here it may be a good idea to not use
> PasswordAuthentication at all, you can disable it in the sshd_config.
>
> Personally preferred solution would be public key authentication, but
> there are other options as well.
>
> No passwords used -> no passwords can be brute-forced.
>
> HTH,
> - D.
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>
More information about the freebsd-questions
mailing list