User: Password:
Subscribe / Log in / New account

Preventing brute force ssh attacks

Preventing brute force ssh attacks

Posted Oct 25, 2007 21:42 UTC (Thu) by storner (subscriber, #119)
Parent article: Preventing brute force ssh attacks

An alternative solution to this problem is simply not having an SSH daemon available on your
public IP address.

I only permit ssh access from either my internal network or from a VPN link. (OpenVPN, since
IPsec is too horrible for words to configure). Since I only need ssh access from a limited
number of computers (two: my computer at work or my laptop), having them setup to establish a
VPN connection and run ssh through it is not a problem.

Apart from keeping SSH off the public IP, the VPN connection also allows me to access other
ressources - e.g. I can nfs mount my home directory from a remote location through the VPN
link, which does come in handy at times.

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds