System Intrustion Detection
Dan Nelson
dnelson at allantgroup.com
Tue May 9 15:26:53 UTC 2006
In the last episode (May 09), jad at nominet.org.uk said:
> I would suggest using ssh with RSA key pairs and passphrases only.
> Dont allow password based login or root login over ssh. Only allow
> root to login using the console and use sudo for all admin tasks.
>
> I have not tried this myself but you could use tcpwrappers and write
> a script to add the IP address from repeated failed messages to the
> hosts.deny file. There are various scripts already written to do
> this. A quick goggle search found this
> http://security.linux.com/article.pl?sid=05/09/15/1655234 (its about
> linux but I am sure the same approach applies to FreeBSD.)
Some more links on securing ssh from password attacks:
http://la-samhna.de/library/brutessh.html
http://bsdwiki.com/wiki/Blocking_repeated_failed_login_attempts_via_SSH
--
Dan Nelson
dnelson at allantgroup.com
More information about the freebsd-questions
mailing list