
Re: SSH Attacks - What to do?



Steven Pritchard wrote:

>On Wed, Jul 27, 2005 at 03:19:21PM -0500, Tim McDonough wrote:
>  
>
>>In reviewing the logs on my Linux server I see that for today and much 
>>of yesterday someone has a machine set up that's trying to log in 
>>every few seconds via SSH. They have had no success so far. Here's a 
>>snippet of the message log, the file is huge with these things. (The 
>>last two entries are me doing legitimate work.)
>>    
>>
>[...]
>
>I just noticed something like 55k failed login attempts on one of my
>few systems that has sshd open to the world.  Unfortunately, I can't
>cut off access to that system, and it would be somewhat painful to
>disallow password authentication in general.  There seems to be
>another alternative though:
>
>  PermitRootLogin without-password
>
>Despite how it sounds, that appears to disable password authentication
>for root, but nobody else.
>
>Steve
>  
>
Why not disable password authentication altogether and use DSA private 
keys instead? I used to get a lot of failed logins myself; usually one IP 
would try as many as 50 or 100 times. Since I went to keys, 1 IP will 
normally try 1 or 2 times and then give up. Users attempting SSH attacks 
from Windows using PuTTY will experience a program crash as soon as they 
attempt to log in without the key. Very effective against kiddies using 
Windows. I tote my key around on a USB flash disk key chain.

Mike
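
Added example, not part of either message above: a small Python check of which accounts a given sshd_config still exposes to password guessing, covering the two settings discussed in the thread. The sample configs are constructed, the defaults are assumed (OpenSSH 7.0 and later), and Match blocks and Include files are not handled.

```python
# Added example: report whether root and ordinary users can still
# authenticate with a password under a given sshd_config.
# Assumptions: flat config (parsing stops at the first Match block, Include
# files are not followed) and OpenSSH 7.0+ defaults.

DEFAULTS = {
    "passwordauthentication": "yes",
    "permitrootlogin": "prohibit-password",  # older releases defaulted to "yes"
}


def effective_settings(config_text):
    """Parse sshd_config text; sshd keeps the FIRST value seen per keyword."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace or a single '='.
        parts = line.replace("=", " ", 1).split(None, 1)
        keyword = parts[0].lower()  # keywords are case-insensitive
        if keyword == "match":
            break  # conditional blocks are out of scope here
        if len(parts) == 2:
            settings.setdefault(keyword, parts[1].strip())
    return settings


def password_exposure(config_text):
    """Return who can still be targeted by password guessing."""
    s = {**DEFAULTS, **effective_settings(config_text)}
    passwords_on = s["passwordauthentication"].lower() == "yes"
    root_mode = s["permitrootlogin"].lower()
    return {
        # Only "PermitRootLogin yes" lets root authenticate with a password.
        "root_password": passwords_on and root_mode == "yes",
        "user_password": passwords_on,
        "root_login": root_mode != "no",
    }


# Constructed sample configs mirroring the two suggestions in the thread.
ROOT_KEYS_ONLY = "PermitRootLogin without-password\n"
KEYS_FOR_ALL = "PasswordAuthentication no\nPermitRootLogin without-password\n"
# A later duplicate does not override the first value.
SHADOWED = "PasswordAuthentication yes\n# hardening\nPasswordAuthentication no\n"

if __name__ == "__main__":
    for name in ("ROOT_KEYS_ONLY", "KEYS_FOR_ALL", "SHADOWED"):
        print(name, password_exposure(globals()[name]))
```

With UsePAM enabled, keyboard-interactive authentication can still prompt ordinary users for a password even when PasswordAuthentication is no; this check does not look at that setting.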
