LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Preventing brute force ssh attacks

Preventing brute force ssh attacks

Posted Oct 25, 2007 21:42 UTC (Thu) by storner (subscriber, #119)
Parent article: Preventing brute force ssh attacks 

An alternative solution to this problem is simply not having an SSH daemon available on your
public IP address.

I only permit ssh access from either my internal network or from a VPN link. (OpenVPN, since
IPsec is too horrible for words to configure). Since I only need ssh access from a limited
number of computers (two: my computer at work or my laptop), having them setup to establish a
VPN connection and run ssh through it is not a problem.

Apart from keeping SSH off the public IP, the VPN connection also allows me to access other
ressources - e.g. I can nfs mount my home directory from a remote location through the VPN
link, which does come in handy at times.

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds