And then use a modified denyhosts to monitor failed ssh login attempts
from the IP addresses for which the firewall opened a port. Denyhosts
could then e.g. mail the IT admin when too many failed attempts are
noticed. They can then verify (e.g. by phone) that it's the user itself
failing to login (too many times) and not user or user's machine or home
network being compromised...
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds