Defending Brute Force SSH Attacks

Rainer Wichmann gives a nice rundown on Defending against brute force ssh attacks:

INTRODUCTION

During 2005, bute force attacks on the ssh (secure shell) service became pretty popular. These attacks are based on a rather simple idea: use an automated program for trying, one after the other, many combinations of standard or frequently used account names and likewise frequently used password (e.g.: guest/guest).

DEFENCE METHODS

There are a number of methods to defend against such brute force attacks. The following list is intended to give an overview of them, and briefly mention their respective advantages and disadvantages.

• Strong passwords
• RSA authentication
• Using 'iptables' to block the attack
• Using the sshd log to block attacks
• Using tcp_wrappers to block attacks
• Port knocking