[SDBUG] brute force ssh username search on my box

Can Erkin Acar canacar at gmail.com
Wed Apr 22 21:43:00 PDT 2009


On 4/22/09, Ronald L. Rosson Jr. <ron at oneinsane.net> wrote:
>
> On Apr 21, 2009, at 11:58 PM, J. Cordaro wrote:
>
>> Hi, I'm using rootbsd's Omicron package ($40/mo for Xen sharded Xeon
>> E5420 - not bad).  The problem is I am getting hammered by ssh
>> script kiddies.  Based on this doc:
>> http://www.freebsdwiki.net/index.php/Block_repeated_illegal_or_failed_SSH_logins
>>
>>  I've tweaked the sshdaemon and run a sweeper script to add the
>> 'bad' ips to pf's block list.  The questions are, 1) should the
>> hosting service block all this junk for me?  2) Should I change the
>> ssh port? Thanks, Jay
>>
>
> Depending on your users who need shell access to the system and their
> level of expertise you could lockdown your SSH service by doing a few
> things:
> 	- set SSH to use SSH-KEYS only
> 	- set SSHD to only allow connections from hosts it has host keys for

... and make sure your SSH keys were not generated on an (older)
Debian/Ubuntu machine :) [1]

Also, if you have a newer OpenSSH version, check out the 'Match'
keyword in sshd_config(5). This allows you to set authentication
parameters (among other things) depending on User, Group, Host and
Address (of the connecting user).

Can


[1] http://www.metasploit.com/users/hdm/tools/debian-openssl/
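
A sketch of the 'Match' approach mentioned in the message above, added here as an example and not part of the original post. The subnet, user name and group name are constructed placeholders; the keywords are standard sshd_config(5) options.

```conf
# /etc/ssh/sshd_config (excerpt) -- example values, adjust to your site

# Global section: key-based logins only, for every connection that no
# Match block below overrides.
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
PermitRootLogin no

# Match blocks must come after all global settings. Each block applies
# until the next Match line or the end of the file. When several blocks
# match one connection, the first value seen for a keyword wins, so put
# the most specific blocks first.

# Placeholder user "deploy" connecting from a placeholder admin subnet:
# both criteria on the line must be satisfied.
Match User deploy Address 192.0.2.0/24
    PasswordAuthentication no
    X11Forwarding no
    AllowTcpForwarding no

# Anyone else on the same placeholder subnet may still use passwords,
# e.g. for first-time key installation.
Match Address 192.0.2.0/24
    PasswordAuthentication yes

# Members of the placeholder group "sftponly" get file transfer only,
# wherever they connect from.
Match Group sftponly
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no

# To see what a given connection would end up with, run on the server:
#   sshd -T -C user=deploy,host=client.example.org,addr=192.0.2.15
# and compare against an outside address such as addr=203.0.113.7.
```

Run `sshd -t` after editing to check the syntax before reloading the daemon, and keep an existing session open until a fresh login has been confirmed to work.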

