[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SSH Attacks - What to do?
Mike Choatie wrote:
> Steven Pritchard wrote:
>
>> On Wed, Jul 27, 2005 at 03:19:21PM -0500, Tim McDonough wrote:
>>
>>
>>> In reviewing the logs on my Linux server I see that for today and
>>> much of yesterday someone has a machine set up that's trying to log
>>> in every few seconds via SSH. They have had no success so far.
>>> Here's a snippet of the message log, the file is huge with these
>>> things. (The last two entries are me doing legitimate work.)
>>>
>>
>> [...]
>>
>> I just noticed something like 55k failed login attempts on one of my
>> few systems that has sshd open to the world. Unfortunately, I can't
>> cut off access to that system, and it would be somewhat painful to
>> disallow password authentication in general. There seems to be
>> another alternative though:
>>
>> PermitRootLogin without-password
>>
>> Despite how it sounds, that appears to disable password authentication
>> for root, but nobody else.
>>
>> Steve
>>
>>
> Why not disable password authentication all together and use dsa
> private keys instead? I used to get alot of failed logins myself,
> usually one ip would try as many as 50 or 100 times. Since I went to
> keys 1 ip will normally try 1 or 2 times and then give up. Users
> attempting ssh attacks from windows using putty will experience a
> program crash as soon as they attempt to login with out the key. Very
> effective against kiddies using windows. I tote my key around on a usb
> flash disk key chain.
>
> Mike
>
> -
> To unsubscribe, send email to majordomo@luci.org with
> "unsubscribe luci-discuss" in the body.
>
>
One more thing I want to mention. I disable root access via sshd. If I
need to administer a box I use su or sudo.
Mike
-
To unsubscribe, send email to majordomo@luci.org with
"unsubscribe luci-discuss" in the body.