
Rick Moen <rick@linuxmafia.com> wrote:
> Anyone who's run a public sshd and noted automated attempts to log in using 'joe' account/password combinations will have noticed that the rate of traffic involved is really slow. It would be interesting to run the numbers on that; I'll readily confess I haven't, but breaking into systems that way strikes me as pretty improbable under most circumstances, and basically not worth worrying about unless you have users who use _literally_ trivially guessable credentials.
I agree, and if you do have such users there is every reason to follow Rick's excellent advice (not quoted here) for strengthening the checks performed on candidate passwords. It doesn't take long to shut down ssh before editing /etc/ssh/sshd_config to set PasswordAuthentication no. If I didn't want ssh to listen on non-local interfaces, I wouldn't install the package in the first place.
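
As an added example that is not part of the original post: a shell function that reports which PasswordAuthentication value an sshd_config-style file puts into effect globally, and whether a later Match block turns password logins back on. It assumes sshd keeps the first global value it reads for a keyword and defaults to yes; it does not follow Include directives, and the function name and sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the original post).
# Prints "yes" or "no" for the global PasswordAuthentication setting,
# followed by " match-override" if any Match block sets it back to yes.
# Reads the file named in $1, or stdin when no argument is given.
effective_password_auth() {
    awk '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        {
            line = $0
            gsub(/[="]/, " ", line)              # tolerate key=value and quotes
            sub(/^[ \t]+/, "", line)             # drop leading indentation
            split(line, f, /[ \t]+/)
            key = tolower(f[1]); val = tolower(f[2])
            if (key == "match") { in_match = 1; next }
            if (key != "passwordauthentication") next
            if (in_match) {
                # A Match block overrides the global value for the
                # connections it matches.
                if (val == "yes") override = 1
            } else if (global == "") {
                global = val                     # first global value wins
            }
        }
        END {
            if (global == "") global = "yes"     # assumed default when unset
            suffix = override ? " match-override" : ""
            print global suffix
        }
    ' "${1:--}"
}

# Constructed sample input: the global "no" is undone for one user.
effective_password_auth <<'EOF'
# sample sshd_config fragment (constructed)
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
EOF
```

On a live host, `sshd -T` prints the configuration the daemon would actually use, which also covers included files.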