Tony Placilla <bofh@xxxxxxx>
Sr. UNIX Systems Administrator
The Sheridan Libraries
Johns Hopkins University
>>> On Tue, Mar 25, 2008 at 12:48 PM, in message <47E92CD1.3060804@xxxxxxxxxxxxx>,
Tim Alberts <talberts@xxxxxxxxxxxxx> wrote:
> So I setup ssh on a server so I could do some work from home and I think
> the second I opened it every sorry monkey from around the world has been
> trying every account name imaginable to get into the system.
>
> What's a good way to deal with this?
>
I am subject to this on an all too frequent basis. Here's what we've put in place that seems to work.
DenyHosts. It's available through the rpmforge (or Dag's) repo.
Just be sure you edit the config to allow SNYC_DOWNLOAD & create an appropriate allowed.hosts file based upon your needs.
sshd in protocol 2
privilege separation
no root logins
and a nifty little PAM trick is to create a group called ssh_users & and those that should be able to access the server are put into that as their supplementary group. Edit sshd_config & add
AllowGroups ssh_users
it's part & parcel of the whole "layered security" idea
it's cut the noise in my logs down by 99.9%
plus I sleep better :)
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
