SSH Scanning and Brute-Force attacks

Many system administrators have already replaced their old Telnet, rsh/rlogin and ftp with more secure alternatives such as Secure Shell. While this improves security quite a bit, most SSH servers still allow access based on username/password credentials.

If your SSH server is connected to the Internet, you are still vulnerable to password-guessing attacks from automated scanning tools (see SANS “Internet Storm Center”).

To counter this threat, use SSH public key authentication instead of passwords. You can then disable password authentication in SSH altogether.

As an additional security measure, I recommend installing and configuring DenyHosts on your systems.

For more information, see my Wiki: HOWTO Secure SSH.