Tugger the SLUGger!SLUG Mailing List Archives

Re: [SLUG] blocking recurrent attempted access ?




Glen Turner wrote:

as is, I'm the sole ssh user, though, I do use it from several hosts, not
all known in advance to me


In that case you might want to consider turning off password
authentication all together and going with just public key
authentication.  Stops the door knockers cold.

Main advantage is that you're then not tied to particular
IP addresses, which is handy if you've got a laptop or
going through a big NAT somewhere.

One word of caution, esp if you are using a laptop; make sure that your private key on your lappy is passphrase encoded. It will be the same from any site you might access from but it does lock out casual passing hackers if you leave the lappy unattended.

--
Howard.
LANNet Computing Associates - Your Linux people <http://lannetlinux.com>
When you want a computer system that works, just choose Linux;
When you want a computer system that works, just, choose Microsoft.
--
Flatter government, not fatter government; abolish the Australian states.