ssh attack

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Hi,

I get ssh connect attempts all the time, to my servers at home and at 
work. I've noticed lately they come from a certain ip address, hitting 
every 3 or 4 seconds, trying 50 or 100 different user names and 
passwords. And I get these sweeps from 2 or 3 ip addresses a day. I 
guess this is an automated attempt to guess a user/pass and break into a 
system.

I tried to secure ssh better by putting in an AllowUsers line in 
sshd_config. Then I thought tcp wrappers and just putting in my own 
addresses in /etc/hosts.allow would be even better, until I found out 
that all mail to my email server would be rejected.

I have 2 questions. One, is there anything you can do to stop these 
attempts, other than not running ssh?

And two, do those ssh attempts every 3 or 4 seconds slow down a box, or 
put any strain on it?

John

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux