public inbox for gentoo-user@lists.gentoo.org
From: Steve <Gentoo_sjh@shic.co.uk>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user]  Re: SSH brute force attacks and blacklist.py
Date: Thu, 28 Feb 2008 11:13:10 +0000
Message-ID: <47C69746.5010106@shic.co.uk>
In-Reply-To: <200802281055.23451.shrdlu@unlimitedmail.org>

Thanks for all your suggestions...

I will look into fail2ban... that might be what I need...  While I could 
crank BLOCKING_PERIOD for blacklist.py to an absurdly high value, this 
(AFAIK) will not persist blocks when the server is powered down or rebooted.

I need to retain port 22 and can't easily do port-knocking - since some 
of the clients I require to connect to my server are in restrictive 
environments.  I've another idea too... I'm happy to entirely cut off 
all services from any IP that attempts to brute-force SSH passwords... 
as it is an unequivocal act of aggression that would not arise with any 
legitimate clients... Another aside is that in some restrictive 
environments it is hard to securely obtain my private key without first 
obtaining a secure off-site connection.  For this reason, I prefer to 
have the facility to log in using username/password - my compromise is 
to make my password extremely complex... plus using a non-obvious 
user-id, which again hampers attackers.

While interesting, I don't think the connection rate limiter is for 
me... I may want to legitimately make rapid connections at some time or 
other. :-)
-- 
gentoo-user@lists.gentoo.org mailing list
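
Added example, not part of the message above and not code from blacklist.py or fail2ban: a sketch of the two properties asked for, a block list that survives a reboot and a trigger based on failed passwords rather than connection rate. The function names, the JSON file, the threshold and the OpenSSH "Failed password" line format are assumptions, and the log lines are constructed.

```python
import json
import re
from collections import Counter
from pathlib import Path

# Anchored at end of line with a greedy user field, so a username that
# itself contains "from <ip> port <n>" cannot redirect the block elsewhere.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?.* "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def load_blocklist(path):
    """Return the set of IPs saved by an earlier run (empty if no file yet)."""
    p = Path(path)
    return set(json.loads(p.read_text())) if p.exists() else set()

def update_blocklist(log_lines, path, threshold=3, allow=()):
    """Count failed-password lines per source IP; persist and return new offenders.

    Only authentication failures are counted, not connections, so a client
    that reconnects rapidly with valid credentials is never listed.
    """
    blocked = load_blocklist(path)
    failures = Counter(m.group(1) for line in log_lines if (m := FAILED.search(line)))
    new = {ip for ip, n in failures.items()
           if n >= threshold and ip not in allow and ip not in blocked}
    if new:
        # Write to a temp file and rename, so a crash cannot truncate the list.
        tmp = Path(str(path) + ".tmp")
        tmp.write_text(json.dumps(sorted(blocked | new)))
        tmp.replace(path)
    return new

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    "Feb 28 10:01:02 host sshd[411]: Failed password for invalid user admin from 203.0.113.7 port 4021 ssh2",
    "Feb 28 10:01:04 host sshd[412]: Failed password for invalid user root from 203.0.113.7 port 4022 ssh2",
    "Feb 28 10:01:06 host sshd[413]: Failed password for invalid user test from 203.0.113.7 port 4023 ssh2",
    "Feb 28 10:02:00 host sshd[420]: Failed password for steve from 198.51.100.9 port 5100 ssh2",
    "Feb 28 10:02:05 host sshd[421]: Accepted password for steve from 198.51.100.9 port 5101 ssh2",
    "Feb 28 10:02:06 host sshd[422]: Accepted password for steve from 192.0.2.5 port 5200 ssh2",
]
```

The saved file is what a boot-time script would read to re-apply the firewall rules; applying the rules themselves is left out here.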


