Unable to ssh nodes with global IP

[Tim]

On Sun, 2011-10-23 at 12:12 +0200, Reindl Harald wrote:
> put sshd on port 10022 and all is well
>  
> this has the additional benefit to get rid of the most
> idiots trying password-attacks all day long

Though it won't stop the more determined ones.  Like those who scan for
all open ports, and then look at what responses they get to determine
what sort of server is listening.

If you have a (potentially) vulnerable server exposed, using something
like fail2ban (if I remembered the name correctly) can be a good idea.
It allows a limited number of attempts from an IP, then temporarily
blacklists that IP.  A hacker would have to have tremendous luck to
guess a password in only two attempts, for instance.


-- 
[tim at localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.