On 8 Jan 2014, at 22:30, Bob Armstrong <bob at jfcl.com> wrote: I've seen idiots attacking ... via the SSH connection, FWIW, I've put all my public SSH ports on non-standard port numbers. It's pretty much eliminated all the attacks. I think most of these attackers are bots and script kiddies, and they only try the well known ports. Bob I personally run sshd in pubkey auth mode only, and when I see login attempts, I bombard the source IP with packets using nmap. Tends to stop them in about 30-90 secs.