Brute force password guess attacks generally runs against ssh server.
You can allow only known ip addresses to connect ssh port with iptables but sometimes it is not the best way; you may want to login from everywhere.
In order to keep connected from everywhere while protecting system itself against brute force password attacks, you can disable password based authentication in ssh and still continue to connect with public key authentication.
To do this, change or add following line in "/etc/ssh/sshd_config" and restart ssh service:
PasswordAuthentication no
You can allow only known ip addresses to connect ssh port with iptables but sometimes it is not the best way; you may want to login from everywhere.
In order to keep connected from everywhere while protecting system itself against brute force password attacks, you can disable password based authentication in ssh and still continue to connect with public key authentication.
To do this, change or add following line in "/etc/ssh/sshd_config" and restart ssh service:
PasswordAuthentication no
No comments:
Post a Comment