Re: SSH Attacks - What to do?

[Steven Pritchard <steve@silug.org>]

On Wed, Jul 27, 2005 at 03:19:21PM -0500, Tim McDonough wrote:
> In reviewing the logs on my Linux server I see that for today and much 
> of yesterday someone has a machine set up that's trying to log in 
> every few seconds via SSH. They have had no success so far. Here's a 
> snippet of the message log, the file is huge with these things. (The 
> last two entries are me doing legitimate work.)
[...]

I just noticed something like 55k failed login attempts on one of my
few systems that has sshd open to the world.  Unfortunately, I can't
cut off access to that system, and it would be somewhat painful to
disallow password authentication in general.  There seems to be
another alternative though:

  PermitRootLogin without-password

Despite how it sounds, that appears to disable password authentication
for root, but nobody else.

Steve
-- 
steve@silug.org           | Southern Illinois Linux Users Group
(618)398-3000             | See web site for meeting details.
Steven Pritchard          | http://www.silug.org/

-
To unsubscribe, send email to majordomo@silug.org with
"unsubscribe silug-discuss" in the body.