[SDBUG] brute force ssh username search on my box

Ronald L. Rosson Jr. ron at oneinsane.net
Wed Apr 22 05:28:54 PDT 2009


On Apr 21, 2009, at 11:58 PM, J. Cordaro wrote:

> Hi, I'm using rootbsd's Omicron package ($40/mo for Xen sharded Xeon  
> E5420 - not bad).  The problem is I am getting hammered by ssh  
> script kiddies.  Based on this doc: http://www.freebsdwiki.net/index.php/Block_repeated_illegal_or_failed_SSH_logins 
>  I've tweaked the sshdaemon and run a sweeper script to add the  
> 'bad' ips to pf's block list.  The questions are, 1) should the  
> hosting service block all this junk for me?  2) Should I change the  
> ssh port? Thanks, Jay
>

Depending on your users who need shell access to the system and their  
level of expertise, you could lock down your SSH service by doing a few  
things:
	- set SSH to use SSH keys only
	- set SSHD to only allow connections from hosts it has host keys for (lot of maintenance)
Other than that, see if there is something you can filter on. Start  
filtering out countries etc. and so on.

-Ron
--
Ron Rosson
ron at oneinsane.net
http://www.oneinsane.net
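
The sweeper approach mentioned in the quoted question, as an added example that is not part of either message or of the linked wiki page: it counts failed sshd logins per source address and lists the ones to block. The threshold, the allowlist argument and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list sources of repeated failed SSH logins from sshd logs.
# THRESHOLD, the allowlist arguments and the sample log are assumptions.
THRESHOLD=3

# offenders [allowlisted-ip ...]: reads sshd log lines on stdin and prints
# each IPv4 source with at least THRESHOLD failed attempts, one per line.
offenders() {
    awk -v threshold="$THRESHOLD" -v allow="$*" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
    # One count per attempt: "Invalid user" lines, plus "Failed password"
    # lines for existing accounts (invalid ones are already counted).
    /sshd\[[0-9]+\]: Invalid user / ||
    (/sshd\[[0-9]+\]: Failed password for / && !/Failed password for invalid user /) {
        # The username is chosen by the remote side and may itself contain
        # "from 1.2.3.4", so trust only the LAST "from" on the line.
        ip = ""
        for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
        # Accept only a dotted quad; never count allowlisted addresses.
        if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ || (ip in skip)) next
        count[ip]++
    }
    END { for (ip in count) if (count[ip] >= threshold) print ip }' | sort
}

# Constructed sample log lines (documentation address ranges only).
sample_log() {
    cat <<'EOF'
Apr 21 23:10:01 box sshd[1201]: Invalid user admin from 203.0.113.5
Apr 21 23:10:02 box sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 4242 ssh2
Apr 21 23:10:04 box sshd[1203]: Failed password for root from 203.0.113.5 port 4250 ssh2
Apr 21 23:10:06 box sshd[1205]: Invalid user test from 203.0.113.5
Apr 21 23:10:09 box sshd[1207]: Invalid user x from 192.0.2.10 from 198.51.100.9
Apr 21 23:11:00 box sshd[1210]: Accepted publickey for jay from 198.51.100.7 port 5000 ssh2
Apr 21 23:12:00 box sshd[1212]: Failed password for jay from 198.51.100.7 port 5001 ssh2
EOF
}

# Allowlist your own address so a typo in a password cannot lock you out.
sample_log | offenders 198.51.100.7
```

The output can be loaded into a pf table, for example with `xargs pfctl -t sshblock -T add`, where the table name `sshblock` is an assumption.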

