[lug] Personal Server Behind DSL Router
Ken MacFerrin
lists at macferrin.com
Thu Jan 11 22:11:09 MST 2007
David L. Anselmi wrote:
> Ken MacFerrin wrote:
>>>> Are there any best practices or configurations to
>>>> limit brute force attacks on open ports like ssh?
>>> The only one I've ever needed is to move it off the default port.
>>
>> If you have a small ssh user list then I'm a strong believer in the
>> "AllowUsers" config option as well.
>
> A small user list period accomplishes the same thing. But AllowUsers
> isn't a bad thing.
>
The plus to "AllowUsers" is that it also blocks attempts against all
your system accounts as well (not that they shouldn't already have a
/bin/false shell anyway).
More information about the LUG
mailing list