Hi!

The subject of my thread is probably not very clear but I didn´t know how to express it in other words.
I have a webserver.
when I look at the log files, I see that every day (actually every night!) some people try to break in, mainly through ssh. Every day I bann some new ips in the hosts.deny.
10 people have the right to login per ssh. some of them work from home and don´ t have a static IP.

In order to avoid all those break in attempts I though about the solution of having a machine which IP would be allowed in my server (it would be then the only allowed IP). The users would have to first loggin into the first machine and from there to loggin in the server.
My idea is that the first machine would only have a sshd and a vnc servers running and therefore would attract much more little attention from people who are scanning around than the main server with its apache, ftps, mailserver, sshd....

Is this strategy useless or does it make sense?
thanks for helping me consolidating my security strategy!

What you should first do is properly harden the host then pick one method from http://www.linuxquestions.org/questi...d.php?t=340366. *Then* think about other measures. More efficient that way.