Hi,
I get ssh connect attempts all the time, to my servers at home and at
work. I've noticed lately they come from a certain ip address, hitting
every 3 or 4 seconds, trying 50 or 100 different user names and
passwords. And I get these sweeps from 2 or 3 ip addresses a day. I
guess this is an automated attempt to guess a user/pass and break into a
system.
I tried to secure ssh better by putting in an AllowUsers line in
sshd_config. Then I thought tcp wrappers and just putting in my own
addresses in /etc/hosts.allow would be even better, until I found out
that all mail to my email server would be rejected.
I have 2 questions. One, is there anything you can do to stop these
attempts, other than not running ssh?
And two, do those ssh attempts every 3 or 4 seconds slow down a box, or
put any strain on it?
John
