[SDBUG] brute force ssh username search on my box
Vye Wilson
vyeperman at gmail.com
Wed Apr 22 06:22:29 PDT 2009
I use sshguard on some of my boxes and key-only auth on others. Sounds like
you're looking for sshguard.
-Vye
On Wed, Apr 22, 2009 at 5:28 AM, Ronald L. Rosson Jr. <ron at oneinsane.net>wrote:
>
> On Apr 21, 2009, at 11:58 PM, J. Cordaro wrote:
>
> Hi,I'm using rootbsd's Omicron package ($40/mo for Xen sharded Xeon E5420
>> - not bad). The problem is I am getting hammered by ssh script kiddies.
>> Based on this doc:
>> http://www.freebsdwiki.net/index.php/Block_repeated_illegal_or_failed_SSH_logins I've
>> tweaked the sshdaemon and run a sweeper script to add the 'bad' ips to pf's
>> block list. The questions are, 1) should the hosting service block all this
>> junk for me? 2) Should I change the ssh port?Thanks,Jay
>>
>>
> Depending on your users who need shell access to the system and their level
> of expertise you could lockdown your SSH service by doing a few things:
> - set SSH to only use SSH-KEYS only
> - set SSHD to only allow connections from hosts it has host keys for
> (Lot of maintenance)
> Other than that see if there is something you can filter on. Start
> filtering out countries etc and so on.
>
> -Ron
> --
> Ron Rosson
> ron at oneinsane.net
> http://www.oneinsane.net
>
> _______________________________________________
> SDBUG mailing list
> SDBUG at sdbug.org
> http://lists.sdbug.org/mailman/listinfo/sdbug
>
More information about the SDBUG
mailing list