[wplug] Any tips against this kind of ssh break-in?
Russ Schneider
russ at sugapablo.com
Fri Jul 15 07:46:51 EDT 2005
Occasionally, I get someone trying to break in via ssh, just hammering
away, I'm assuming just trying to guess passwords automatically.

Example: http://www.sugapablo.net/docs/script-02.txt

I have a firewall, ssh is one of the few open ports. The firewall
(Netgear) does not let me block IP addresses or IP ranges.

I did notice that in sshd_config, root was allowed to login. I just
turned that off.

Luckily, no one has gotten in with this kind of attempt yet. But I was
wondering if there were any further measures I could take to make sure it
never happens.

Ideally, I would think there would/should be some kind of measure I could
take where if an IP address made X number of attempts to login and failed
in a Y hour period, that IP address would be blocked from further login
attempts.

Any such thing available/possible?

Any other suggestions to further tighten things down? What about other
users in the system like http, mysql, ftp, etc? I *assume* that since
these users don't have (at least I don't think so) passwords associated
with them and sshd_config will only allow users with passwords to login
that they can't login. (But I could be wrong.)
--
[ Russ Schneider (a.k.a. Sugapablo) ]
[ http://www.sugapablo.net <--personal | http://www.sugapablo.com <--music ]
[ http://www.2ra.org <--political | http://www.subuse.net <--discuss ]
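
The "X failed attempts in a Y hour period" rule asked about above, as an added example that is not part of the original post: a sliding-window counter over sshd log lines that returns the addresses that crossed the limit. The log format (standard OpenSSH syslog lines), the sample lines, the year default and the name `ips_to_block` are assumptions; the block only decides which addresses qualify and leaves the actual blocking to whatever the host offers.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the usual OpenSSH syslog style (not taken from the post's log).
SAMPLE_LOG = """\
Jul 15 03:10:01 host sshd[4101]: Failed password for root from 192.0.2.10 port 40001 ssh2
Jul 15 03:10:03 host sshd[4102]: Failed password for invalid user admin from 192.0.2.10 port 40002 ssh2
Jul 15 03:10:05 host sshd[4103]: Failed password for illegal user test from 192.0.2.10 port 40003 ssh2
Jul 15 03:12:00 host sshd[4110]: Failed password for russ from 198.51.100.7 port 51000 ssh2
Jul 15 03:12:20 host sshd[4111]: Accepted password for russ from 198.51.100.7 port 51001 ssh2
Jul 15 09:30:00 host sshd[4200]: Failed password for russ from 198.51.100.7 port 51002 ssh2
Jul 15 09:31:00 host sshd[4201]: Failed password for russ from 198.51.100.7 port 51003 ssh2
"""

# The username is client-supplied text, so the greedy ".+" plus the end-of-line
# anchor make the parser read the address sshd itself wrote last on the line.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:(?:invalid|illegal) user )?.+ "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+(?: ssh\d*)?\s*$"
)

def ips_to_block(log_text, max_failures, window, year=2005):
    """Return {ip: time the limit was reached} for every address with
    max_failures failed logins inside one sliding window."""
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    blocked = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m or m["ip"] in blocked:
            continue
        # Syslog timestamps carry no year, so the caller supplies one (assumption).
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        hits = recent[m["ip"]]
        hits.append(ts)
        while ts - hits[0] > window:  # forget failures older than the window
            hits.popleft()
        if len(hits) >= max_failures:
            blocked[m["ip"]] = ts
    return blocked

if __name__ == "__main__":
    for ip, when in ips_to_block(SAMPLE_LOG, 3, timedelta(hours=1)).items():
        print(f"{ip} reached the limit at {when}")
```

With X = 3 and Y = 1 hour, only 192.0.2.10 is returned; the user who mistyped a password once in the morning and twice six hours later stays under the limit until the window is widened.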