[olug] Eliminate risk for brute force root login attempts

Matthew D. McCain Platte plattem at inetnebr.com
Wed Aug 2 14:56:40 UTC 2006


On Tue, 2006-08-01 at 17:51 -0500, Phil Brutsche wrote:
> Daniel Pfile wrote:
> > Try denyhosts:
> > 
> > http://denyhosts.sourceforge.net/
> > 
> > Also, remember to disable remote root logins in ssh.
> > 
> > If you have a small number of users, set up AllowUsers for the users you 
> > have.
> > 
> > Even better, if it's an option, turn on mandatory key authentication.
> 
> I find it's simpler just to change my SSH port number.
> 

+1 for port number change.

I had a script that would scan the log every three minutes looking for
evidence of the brute force kids, copying that IP to deny.hosts.  That
still let 'em in for up to three minutes, though.  I could see the
lights on the switch flickering as they tried to get into my otherwise
quiet network.

That traffic went away when I changed the port number.

-- 
-------^.^--
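The log-scanning approach described in the message above, sketched as an added example (this is not the poster's script). It assumes the OpenSSH "Failed password" syslog line format, a TCP-wrappers style `sshd: <ip>` deny entry, and a hypothetical threshold and allow-list; the log lines are constructed and use documentation addresses. The pattern is anchored to the end of the line so that a crafted username containing " from <ip>" cannot get someone else's address blocked.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the OpenSSH syslog style (documentation addresses).
# The fourth line carries a crafted username that tries to inject a fake source.
SAMPLE_LOG = """\
Aug  1 17:40:01 gw sshd[411]: Failed password for root from 203.0.113.7 port 4101 ssh2
Aug  1 17:40:03 gw sshd[412]: Failed password for root from 203.0.113.7 port 4102 ssh2
Aug  1 17:40:05 gw sshd[413]: Failed password for invalid user admin from 203.0.113.7 port 4103 ssh2
Aug  1 17:40:09 gw sshd[414]: Failed password for invalid user x from 192.0.2.10 port 1 ssh2 from 198.51.100.9 port 4104 ssh2
Aug  1 17:41:00 gw sshd[415]: Failed password for matt from 192.0.2.10 port 5000 ssh2
Aug  1 17:41:30 gw sshd[416]: Accepted publickey for matt from 192.0.2.10 port 5001 ssh2
"""

# Greedy ".*" plus the "$" anchor means only the LAST "from <addr> port N ssh2"
# on the line (the part sshd itself wrote) is taken as the source address.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2$")


def failed_sources(log_text):
    """Count failed password attempts per source address."""
    counts = Counter()
    for line in log_text.splitlines():
        match = FAILED.search(line.rstrip())
        if not match:
            continue
        try:
            addr = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # not a literal IP address: never write it to a deny file
        counts[str(addr)] += 1
    return counts


def deny_entries(log_text, threshold=3, allow=("192.0.2.0/24",)):
    """Return deny lines for sources at or above the threshold.

    threshold and allow are hypothetical defaults; the allow-list keeps a
    mistyped password from locking out your own network.
    """
    nets = [ipaddress.ip_network(n) for n in allow]
    entries = []
    for ip, hits in sorted(failed_sources(log_text).items()):
        if hits < threshold:
            continue
        if any(ipaddress.ip_address(ip) in net for net in nets):
            continue
        entries.append(f"sshd: {ip}")
    return entries


if __name__ == "__main__":
    print("\n".join(deny_entries(SAMPLE_LOG)))
```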





