Re: Ideas for stopping ssh brute force attacks




On Tue, 22 Jul 2008 16:34:54 +0200
Rudi Ahlers <Rudi@xxxxxxxxxxx> wrote:

> Bowie Bailey wrote:
> > Bo Lynch wrote:
> >   
> >> Just wanted to get some feedback from the community. Over the last
> >> few days I have noticed attempts to ssh into my web server and
> >> email box using weird names like admin, appuser, nobody, etc.
> >> None of these are valid users. I know that I can block sshd
> >> altogether with iptables but that will not work for us. I did a
> >> little research on Google and found programs like sshguard and
> >> sshdfilter. Just wanted to know if anyone had any experience with
> >> anything like these programs or has any other advice. I really
> >> appreciate it.
> >
> > The simplest thing is to change the port.  I know it's "security
> > through obscurity", but it works well and can be used along with
> > whatever other security enhancements you care to use.
> >
> >   
> By changing the ports on all our servers to a high (above 1024) port,
> we have eliminated SSH scans altogether - been running like that for
> a few years now without any problems.
> 
> I also add a small script in /etc/profile to email me when someone
> logs in via SSH, since only a few privileged people should use SSH
> altogether.
> 

Interesting idea with this script thing. Can you provide more details or
the script?
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
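
A sketch of the kind of /etc/profile login-notification fragment discussed in this thread, as an added example (not the poster's script, which the thread does not show). `NOTIFY_TO` and the function names are assumptions, and it relies on a `mail` command being installed.

```shell
# Added example: fragment meant to be appended to /etc/profile (POSIX sh).
# NOTIFY_TO is a placeholder address (assumption); set it to a real mailbox.
NOTIFY_TO="${NOTIFY_TO:-root@localhost}"

# Print a one-line notice for an SSH session. Returns 1 when the shell was not
# started by sshd or when SSH_CONNECTION does not look like the four fields
# sshd sets: "client_ip client_port server_ip server_port".
ssh_login_notice() {
    [ -n "${SSH_CONNECTION:-}" ] || return 1
    # Reject anything but address characters and spaces before word-splitting,
    # so shell metacharacters or globs never reach the mail text.
    case $SSH_CONNECTION in
        *[!0-9A-Za-z.:%\ ]*) return 1 ;;
    esac
    # Positional parameters set here are local to the function.
    set -- $SSH_CONNECTION
    [ "$#" -eq 4 ] || return 1
    printf 'SSH login: user=%s from=%s port=%s host=%s tty=%s\n' \
        "$(id -un)" "$1" "$2" "$(uname -n)" "${SSH_TTY:-none}"
}

# Mail the notice. Never fails and never blocks, so a missing or slow mailer
# cannot break or delay the login.
notify_ssh_login() {
    notice=$(ssh_login_notice) || return 0        # not an SSH session
    command -v mail >/dev/null 2>&1 || return 0   # no mailer installed
    # Subshell plus '&' sends in the background without job-control output.
    ( printf '%s\n' "$notice" |
        mail -s "SSH login on $(uname -n)" "$NOTIFY_TO" >/dev/null 2>&1 & )
    unset notice
}

notify_ssh_login
```

/etc/profile is read only by login shells, so non-interactive sessions such as `ssh host command`, scp or sftp produce no mail; sshd's own log entries remain the complete record of logins.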
