Remote SSH login access is pretty much a necessity for administering and managing Unix/Linux servers. But how to allow access for the admins without also letting in the hacker hordes? VPNs are one solution, but they can be a pain to use and to setup, especially if you’re working with machines on several different networks.
Servers that allow direct SSH access, are going to attract plenty of remote login attempts. You need to ensure that the hackers can’t just keep beating on your door presenting different passwords until they get lucky. On one fairly typical server I administer there are around 2,800 failed login attempts per day or roughly one attempt a second. Installing a blocker for brute-force password hacking has been on my todo list for a while. This week I finally got a round tuit.