
I think that the reverse is also a good idea. Similar to the idea of port knocking, if the machine detects a number of failed authentication attempts it could block the source IP from attempting to authenticate for a period of time. Brute force attacks usually require a large number of attempts, unless your password is really insecure... I have a feeling that something like this does actually exist but I have no idea what name it goes by. Any ideas anyone? For many months now I have noticed a lot of failed attempts in my syslogs so I removed password auth as an option, which has been suggested; problem is, unless you have a USB flash drive, having your key with you can be problematic... As the last wlug meeting I went to was more than 3 years ago I'm not up on what topics have been covered in meetings, but perhaps general security would be a good topic...

Raymond Daniel Lawson wrote:
To me, the advantage of SSH is I know I can connect into the machines from anywhere in the world. I'm happy to, if necessary, mess with keys to get this level of access, but I'm not happy to say "I can only connect from this netblock and these two other IPs."
There is another alternative, which seems fairly quaint at first: port knocking. I wasn't convinced of its usefulness to start with, but it's growing on me. Before you can connect to a host, you have to send a specially crafted "knock" sequence, and the receiving host then opens up a specific, short-lived firewall rule for you to access your service. The initial description refers to a sequence of SYN probes, but this could just as easily be a packet to a specific port containing a particular sequence of bytes (aka, a password).
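The "reverse" mechanism described in the first message above (count failed logins per source address, then block that address for a while) is what log-watching ban tools such as fail2ban, sshguard and DenyHosts do. The following is an added example written for this page, not code from either poster or from any of those projects: it runs a sliding window over constructed sshd syslog lines, returns the addresses that crossed the threshold together with their ban interval, and renders the firewall rule as a string rather than executing it. The log lines, the threshold and window values, the year used to complete the syslog timestamps, and the rule format are all assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample syslog lines in the classic sshd format (not real log data).
# 203.0.113.7 and 198.51.100.4 are documentation addresses (RFC 5737).
SAMPLE_LOG = """\
Mar  3 10:15:01 host sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar  3 10:15:03 host sshd[2203]: Failed password for invalid user admin from 203.0.113.7 port 51030 ssh2
Mar  3 10:15:05 host sshd[2205]: Failed password for root from 203.0.113.7 port 51041 ssh2
Mar  3 10:15:06 host sshd[2207]: Accepted publickey for alice from 198.51.100.4 port 40022 ssh2
Mar  3 10:15:09 host sshd[2209]: Failed password for root from 203.0.113.7 port 51050 ssh2
Mar  3 10:15:12 host sshd[2211]: Failed password for bob from 198.51.100.4 port 40030 ssh2
Mar  3 10:15:40 host sshd[2213]: Failed password for root from 203.0.113.7 port 51061 ssh2
Mar  3 10:30:00 host sshd[2215]: Failed password for bob from 198.51.100.4 port 40044 ssh2
"""

# Matches only sshd "Failed password" events; successful logins are ignored.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+) port \d+"
)


def parse_ts(ts_text, year):
    """Syslog timestamps carry no year, so the caller supplies one (assumption)."""
    normalised = " ".join(ts_text.split())  # collapse the padded day field ("Mar  3")
    return datetime.strptime(f"{year} {normalised}", "%Y %b %d %H:%M:%S")


def find_offenders(log_text, threshold=5, window=timedelta(minutes=10),
                   ban_for=timedelta(minutes=30), year=2024):
    """Return {ip: (ban_start, ban_until)} for every source address that produced
    `threshold` failures inside a sliding `window`. Once an address is banned its
    later lines are skipped, mirroring a firewall that is now dropping it."""
    failures = defaultdict(deque)  # ip -> recent failure timestamps
    bans = {}
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue
        ip = m.group("ip")
        if ip in bans:
            continue
        ts = parse_ts(m.group("ts"), year)
        recent = failures[ip]
        recent.append(ts)
        while recent and ts - recent[0] > window:  # drop failures older than the window
            recent.popleft()
        if len(recent) >= threshold:
            bans[ip] = (ts, ts + ban_for)
    return bans


def is_blocked(bans, ip, now):
    """True while `now` falls inside the ban interval; the ban expires at `until`."""
    if ip not in bans:
        return False
    start, until = bans[ip]
    return start <= now < until


def block_command(ip, port=22):
    """Render the iptables rule a ban would install. Returned as a string so the
    example only shows the rule; a real tool would also remove it on expiry."""
    return f"iptables -I INPUT -s {ip} -p tcp --dport {port} -j DROP"


if __name__ == "__main__":
    for ip, (start, until) in find_offenders(SAMPLE_LOG).items():
        print(f"{ip}: banned {start:%H:%M:%S} until {until:%H:%M:%S}")
        print("  " + block_command(ip))
```

With the defaults, only 203.0.113.7 is banned (five failures within 39 seconds), while 198.51.100.4's two failures, 15 minutes apart, never accumulate inside the window. The sliding window matters: a plain counter with no expiry would eventually ban a legitimate user who mistypes a password a few times a week, and a short ban with an expiry bounds the damage if the source address is spoofed or shared (a NAT gateway) and the attacker's intent is to lock out other users.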