using ssh keys is a good way, but not always comfortable. For example in a case of web hosting. And there is no warranty to admit that all users will not use a dictionary passwords. There will be solution to use a pam-abl module. Here is instructions for ubuntu and mepis linux users: http://tech.tolero.org/blog/en/linux/ssh-password-brute-force-protection

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/infocus/1810/837#837