Protecting SSH from brute force attacks

Dennis Koegel amf at hobbit.neveragain.de
Fri Oct 8 00:24:57 PDT 2004


Hi,

On Thu, Oct 07, 2004 at 03:15:25PM -0700, Luke wrote:
> There are several script kiddies out there hitting my SSH server every
> day.  Sometimes they attempt to brute-force their way in trying new
> logins every second or so for hours at a time.  Given enough time, I fear
> they will eventually get in.

Apart from what was already noted here it may be a good idea to not use
PasswordAuthentication at all, you can disable it in the sshd_config.

Personally preferred solution would be public key authentication, but
there are other options as well.

No passwords used -> no passwords can be brute-forced.

HTH,
- D.


More information about the freebsd-questions mailing list