[no subject]

Why not just use port knocking for opening ssh:

<a  rel="nofollow" href="http://www.portknocking.org/view/implementations";>http://www.portknocking.org/view/implementations</a>

There are a number of available daemons to start ssh for you.



Thus spake Sean Johnson (esperantisto at gmail.com):

&gt; Hi all, 
&gt; 
&gt; Just catching up on this thread... i experienced a lot of these type
&gt; of attacks, usually from Asian IPs late at night, so another way i
&gt; helped protect my system was by adding 2 cron jobs one that starts the
&gt; server at 9AM and shuts it down at 6pm. These are the only times i use
&gt; it from work. This is in addition to the following:
&gt; 
&gt; 1. Disable root login via ssh (as well as all other normal type users
&gt; that programs run under)
&gt; 2. Enable it for only the users that explicity need it. (use bastille to help)
&gt; 3. Move default port from 22
&gt; 4. Limiting IP addresses from which you can connect to the server (i.e. work)
&gt; 
&gt; Sean Johnson
&gt; Libranet now Ubuntu! :)
&gt; 
&gt; 
&gt; On Wed, 09 Feb 2005 11:48:32 -0500, John Trostel
&gt; &lt;jtrostel at mindspring.com&gt; wrote:
&gt; &gt; These types of ssh brute force attacks have been occurring for at least
&gt; &gt; a year, I think.  If your system is exposed to the net for any
&gt; &gt; reasonable period of time and runs ssh, it should have been subjected to
&gt; &gt; them.
&gt; &gt; 
&gt; &gt; Always good to keep up to date, turn off (and remove) unneeded services,
&gt; &gt; and read and apply the handy tips in Bob's book!
&gt; &gt; 
&gt; &gt; --
&gt; &gt; John Trostel
&gt; &gt; Photon Computer Services
&gt; &gt; System Support and Design
&gt; &gt; &quot;We're small, fast and discrete&quot;
&gt; &gt; 404-247-5112
&gt; &gt; 
&gt; &gt; _______________________________________________
&gt; &gt; Ale mailing list
&gt; &gt; Ale at ale.org
&gt; &gt; <a  rel="nofollow" href="http://www.ale.org/mailman/listinfo/ale";>http://www.ale.org/mailman/listinfo/ale</a>
&gt; &gt;
&gt; _______________________________________________
&gt; Ale mailing list
&gt; Ale at ale.org
&gt; <a  rel="nofollow" href="http://www.ale.org/mailman/listinfo/ale";>http://www.ale.org/mailman/listinfo/ale</a>

:wq!
---------------------------------------------------------------------------
Robert L. Harris                     | GPG Key ID: E344DA3B
                                         @ x-hkp://pgp.mit.edu
DISCLAIMER:
      These are MY OPINIONS             With Dreams To Be A King,
       ALONE.  I speak for              First One Should Be A Man
       no-one else.                       - Manowar

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature



</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<!--X-Follow-Ups-End-->
<!--X-References-->
<ul><li><strong>References</strong>:
<ul>
<li><strong><a name="00286" href="msg00286.html">[ale] failed ssh login attempts</a></strong>
<ul><li><em>From:</em> jtrostel at mindspring.com (John Trostel)</li></ul></li>
<li><strong><a name="00350" href="msg00350.html">[ale] failed ssh login attempts</a></strong>
<ul><li><em>From:</em> esperantisto at gmail.com (Sean Johnson)</li></ul></li>
</ul></li></ul>
<!--X-References-End-->
<!--X-BotPNI-->
<ul>
<li>Prev by Date:
<strong><a href="msg00350.html">[ale] failed ssh login attempts</a></strong>
</li>
<li>Next by Date:
<strong><a href="msg00352.html">[ale] [Sorta OT] Thinkpad 600x TV out</a></strong>
</li>
<li>Previous by thread:
<strong><a href="msg00350.html">[ale] failed ssh login attempts</a></strong>
</li>
<li>Next by thread:
<strong><a href="msg00360.html">[ale] failed ssh login attempts</a></strong>
</li>
<li>Index(es):
<ul>
<li><a href="maillist.html#00351"><strong>Date</strong></a></li>
<li><a href="threads.html#00351"><strong>Thread</strong></a></li>
</ul>
</li>
</ul>

<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
</body>
</html>