[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SSH Attacks - What to do?
On Wed, Jul 27, 2005 at 03:19:21PM -0500, Tim McDonough wrote:
> In reviewing the logs on my Linux server I see that for today and much
> of yesterday someone has a machine set up that's trying to log in
> every few seconds via SSH. They have had no success so far. Here's a
> snippet of the message log, the file is huge with these things. (The
> last two entries are me doing legitimate work.)
[...]
I just noticed something like 55k failed login attempts on one of my
few systems that has sshd open to the world. Unfortunately, I can't
cut off access to that system, and it would be somewhat painful to
disallow password authentication in general. There seems to be
another alternative though:
PermitRootLogin without-password
Despite how it sounds, that appears to disable password authentication
for root, but nobody else.
Steve
--
steve@silug.org | Southern Illinois Linux Users Group
(618)398-3000 | See web site for meeting details.
Steven Pritchard | http://www.silug.org/
-
To unsubscribe, send email to majordomo@silug.org with
"unsubscribe silug-discuss" in the body.