[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SSH Attacks - What to do?



Mike Choatie wrote:

> Steven Pritchard wrote:
>
>> On Wed, Jul 27, 2005 at 03:19:21PM -0500, Tim McDonough wrote:
>>  
>>
>>> In reviewing the logs on my Linux server I see that for today and 
>>> much of yesterday someone has a machine set up that's trying to log 
>>> in every few seconds via SSH. They have had no success so far. 
>>> Here's a snippet of the message log, the file is huge with these 
>>> things. (The last two entries are me doing legitimate work.)
>>>   
>>
>> [...]
>>
>> I just noticed something like 55k failed login attempts on one of my
>> few systems that has sshd open to the world.  Unfortunately, I can't
>> cut off access to that system, and it would be somewhat painful to
>> disallow password authentication in general.  There seems to be
>> another alternative though:
>>
>>  PermitRootLogin without-password
>>
>> Despite how it sounds, that appears to disable password authentication
>> for root, but nobody else.
>>
>> Steve
>>  
>>
> Why not disable password authentication all together and use dsa 
> private keys instead? I used to get alot of failed logins myself, 
> usually one ip would try as many as 50 or 100 times. Since I went to 
> keys 1 ip will normally try 1 or 2 times and then give up. Users 
> attempting ssh attacks from windows using putty will experience a 
> program crash as soon as they attempt to login with out the key. Very 
> effective against kiddies using windows. I tote my key around on a usb 
> flash disk key chain.
>
> Mike
>
> -
> To unsubscribe, send email to majordomo@luci.org with
> "unsubscribe luci-discuss" in the body.
>
>
One more thing I want to mention. I disable root access via sshd. If I 
need to administer a box I use su or sudo.

Mike

-
To unsubscribe, send email to majordomo@luci.org with
"unsubscribe luci-discuss" in the body.