SLUG Mailing List Archives
Re: [SLUG] blocking recurrent attempted access ?
- To: Glen Turner <glen.turner@xxxxxxxxxxxxx>
- Subject: Re: [SLUG] blocking recurrent attempted access ?
- From: Howard Lowndes <lannet@xxxxxxxxxxxxx>
- Date: Tue, 14 Feb 2006 14:25:50 +1100
- Cc: slug@xxxxxxxxxxx
- Organization: LANNet Computing Associates
- User-agent: Mozilla Thunderbird 1.0.7-1.1.fc4 (X11/20050929)
Glen Turner wrote:
as is, I'm the sole ssh user, though, I do use it from several hosts, not
all known in advance to me
In that case you might want to consider turning off password
authentication all together and going with just public key
authentication. Stops the door knockers cold.
Main advantage is that you're then not tied to particular
IP addresses, which is handy if you've got a laptop or
going through a big NAT somewhere.
One word of caution, esp if you are using a laptop; make sure that your
private key on your lappy is passphrase encoded. It will be the same
from any site you might access from but it does lock out casual passing
hackers if you leave the lappy unattended.
LANNet Computing Associates - Your Linux people <http://lannetlinux.com>
When you want a computer system that works, just choose Linux;
When you want a computer system that works, just, choose Microsoft.
Flatter government, not fatter government; abolish the Australian states.