break-in attempts on my server

Bob BLU blu at scrunch.net
Sun Nov 20 21:09:47 EST 2005


At 05:15 PM 11/20/2005, David Kramer wrote:

>Is there *anything* else I can do?  There's hundreds of these attempts.

Change SSH to a different port (security through obscurity).

Change hosts.allow to only allow SSH from the internal net, and external locations that you work from. Include an external ISP host, so that if you are at a new external location you can ssh through the ISP to get in.

These two work well for me.

You can also consider disabling password access and only allow access with a key.  If you decide to keep a key at an ISP make sure it has a passphrase.

HTH.




More information about the Discuss mailing list