Not that safe, some of those scanners do a portscan first looking for SSH.

I use the old tried-and-true "know who you want accessing the machine" and add 
those people/ips to hosts.allow, and deny everything else. Works like a charm, 
and just keep a public backdoor machine you can use to hop into your boxes from 
anywhere. I haven't had the slightest bit of noise in my logs for a while. :)

For cases where you have to provide SSH access to a random set of IPs, there 
are plenty of cute little IPtables hacks that add rules dynamically based on 
how many login attempts in (x) seconds. That usually works against the bulk of 
bots. Google SSH Brute force script.

I don't use port knocking because it's just a bit too much magic + annoyance, 
and the auto-blockers mentioned above seem fine.

good luck,

_a

> I'm changing ssh port to some high random number. This is quite easy,
> safe and generally blocks all automatic ssh scanners, but of course will
> not close the issue in all cases.
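
The time-window counting that the dynamic blockers mentioned in the reply rely on, combined with an allowlist in the spirit of hosts.allow, run over constructed sshd log lines. This is an added example, not part of the original message; the threshold, window, allowlisted network, year and log lines are all assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime
from ipaddress import ip_address, ip_network

ALLOW = (ip_network("192.0.2.0/24"),)  # assumed "known people" range, never blocked
YEAR = 2024  # assumption: syslog timestamps omit the year
FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port ")

# Constructed log lines using documentation address ranges, not real traffic.
SAMPLE_LOG = """\
Mar  3 10:00:01 host sshd[101]: Failed password for root from 203.0.113.9 port 40001 ssh2
Mar  3 10:00:05 host sshd[102]: Failed password for invalid user admin from 203.0.113.9 port 40002 ssh2
Mar  3 10:00:09 host sshd[103]: Failed password for root from 203.0.113.9 port 40003 ssh2
Mar  3 10:00:20 host sshd[104]: Failed password for alice from 198.51.100.7 port 50001 ssh2
Mar  3 10:05:00 host sshd[105]: Failed password for alice from 198.51.100.7 port 50002 ssh2
Mar  3 10:09:50 host sshd[106]: Failed password for alice from 198.51.100.7 port 50003 ssh2
Mar  3 10:10:00 host sshd[107]: Failed password for bob from 192.0.2.10 port 60001 ssh2
Mar  3 10:10:02 host sshd[108]: Failed password for bob from 192.0.2.10 port 60002 ssh2
Mar  3 10:10:04 host sshd[109]: Failed password for bob from 192.0.2.10 port 60003 ssh2
"""

def offenders(log_text, max_failures=3, window_seconds=60, allow=ALLOW):
    """Map each source IP to the time its failures first hit the threshold."""
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    blocked = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        try:
            ip = ip_address(m.group(2))
        except ValueError:  # not an address (e.g. a resolved hostname)
            continue
        if any(ip in net for net in allow):
            continue  # allowlisted sources are exempt, as with hosts.allow
        when = datetime.strptime(f"{YEAR} {m.group(1)}", "%Y %b %d %H:%M:%S")
        q = recent[ip]
        q.append(when)
        while (when - q[0]).total_seconds() > window_seconds:
            q.popleft()  # forget failures older than the window
        if len(q) >= max_failures:
            blocked.setdefault(str(ip), when)
    return blocked

if __name__ == "__main__":
    for ip, when in offenders(SAMPLE_LOG).items():
        print(f"block {ip}: threshold reached at {when:%H:%M:%S}")
```

With the defaults only the rapid source is flagged; the slow guesser at 198.51.100.7 stays under a 60-second window, which is the gap the "bulk of bots" wording leaves open.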

