Securing SSH access
Jonathan Duncan
jonathan at bluesunhosting.com
Fri Mar 28 23:19:55 MDT 2008
On 28 Mar 2008, at 21:12, Dave Smith wrote:
> In the past, I have used /etc/hosts.[deny|allow] to secure my SSH
> server by restricting access to a limited number of IP addresses.
> This has worked very well for me over the past 3 or 4 years, but now
> I need to allow access to a non-enumerable set of client IP
> addresses, so I am considering alternate methods. The first method
> on my list is to require key-based authentication (no passwords).
> Secondly, I'm thinking about using an alternate port (ie, 2222
> instead of 22) simply to ward off automated botnet logins.
>
> Does anyone see a problem with this? Any other ideas?
>
I have been using this script for a while and it works quite well:
maxlogins
http://teamits.com/resources/maxlogins.html
More information about the PLUG
mailing list