Re: ssh security




In my opinion, the easiest way to handle this is to move the SSH ports. Then just
pass the -p (port) option for logging in. While this is not bulletproof, it will stop 99.9%
of brute-force attempts.

~Ron

Cisco-Education wrote:
Dear All,

I have the following setup running perfectly OK for a long time

CentOS release 5 (Final)
sendmail-8.13.8-2.el5
MailScanner 4.76.25
bind-9.3.4-6.0.3.P1.el5_2

Now I just set up a CentOS box running BackupPC for backing up my above
mail server using ssh, as per the instructions on the BackupPC site.
I had to enable sshd, so I did it, and
everything works perfectly and the backup works great as per my requirement.

But I notice that when I do a

tail -f /var/log/secure

I see the following very often
---------------------------
Jun 19 16:26:06 kmdns1 sshd[11073]: Invalid user jeka from 87.118.122.78
Jun 19 16:26:06 kmdns1 sshd[11074]: input_userauth_request: invalid user jeka
Jun 19 16:26:06 kmdns1 sshd[11074]: Received disconnect from 87.118.122.78: 11: Bye Bye
Jun 19 16:26:07 kmdns1 sshd[11075]: Invalid user stat from 87.118.122.78
Jun 19 16:26:07 kmdns1 sshd[11076]: input_userauth_request: invalid user stat
Jun 19 16:26:08 kmdns1 sshd[11076]: Received disconnect from 87.118.122.78: 11: Bye Bye
Jun 19 16:26:09 kmdns1 sshd[11077]: Invalid user nikonew from 87.118.122.78
Jun 19 16:26:09 kmdns1 sshd[11078]: input_userauth_request: invalid user nikonew
Jun 19 16:26:09 kmdns1 sshd[11078]: Received disconnect from 87.118.122.78: 11: Bye Bye
Jun 19 16:26:10 kmdns1 sshd[11079]: Invalid user koval from 87.118.122.78
Jun 19 16:26:10 kmdns1 sshd[11080]: input_userauth_request: invalid user koval
Jun 19 16:26:11 kmdns1 sshd[11080]: Received disconnect from 87.118.122.78: 11: Bye Bye
Jun 19 16:26:12 kmdns1 sshd[11081]: Invalid user smk from 87.118.122.78
Jun 19 16:26:12 kmdns1 sshd[11082]: input_userauth_request: invalid user smk
Jun 19 16:26:12 kmdns1 sshd[11082]: Received disconnect from 87.118.122.78: 11: Bye Bye
Jun 19 16:26:14 kmdns1 sshd[11083]: Invalid user ksusha from 87.118.122.78
Jun 19 16:26:14 kmdns1 sshd[11084]: input_userauth_request: invalid user ksusha
Jun 19 16:26:14 kmdns1 sshd[11084]: Received disconnect from 87.118.122.78: 11: Bye Bye
Jun 19 16:26:15 kmdns1 sshd[11085]: Invalid user jane from 87.118.122.78
Jun 19 16:26:15 kmdns1 sshd[11086]: input_userauth_request: invalid user jane
Jun 19 16:26:15 kmdns1 sshd[11086]: Received disconnect from 87.118.122.78: 11: Bye Bye
Jun 19 16:26:17 kmdns1 sshd[11087]: Invalid user celeron from 87.118.122.78
Jun 19 16:26:17 kmdns1 sshd[11088]: input_userauth_request: invalid user celeron
Jun 19 16:26:17 kmdns1 sshd[11088]: Received disconnect from 87.118.122.78: 11: Bye Bye
--------------------

Now both the mail server and the BackupPC server are behind a firewall, and the ssh
protocol is denied to the hosts in the DMZ zone.

Just wondering how an outside user could try to ssh to my mail server.
If I stop the sshd daemon I don't see any messages in my secure log file.

Appreciate your advice and help.


regards

Fabian





  

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
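
The pattern in the /var/log/secure excerpt above (one source address cycling through unknown usernames about once a second) can be picked out per source IP. The following Python is an added example, not part of the original messages; the function names, the thresholds (`min_users`, `window`), the placeholder year and the 192.0.2.10 sample line are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# sshd "Invalid user" line, in the format shown in the excerpt above.
INVALID_USER = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"Invalid user (?P<user>.*) from (?P<ip>\S+)"
)

def parse(lines, year=2000):
    """Return {source_ip: [(timestamp, username), ...]} for 'Invalid user' lines.

    Syslog timestamps carry no year; `year` is a placeholder assumed here.
    """
    events = defaultdict(list)
    for line in lines:
        m = INVALID_USER.match(line)
        if m:  # other sshd lines (disconnects, input_userauth_request) are skipped
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events[m["ip"]].append((ts, m["user"]))
    return dict(events)

def suspects(events, min_users=3, window=60):
    """IPs that tried >= min_users distinct unknown names within `window` seconds."""
    flagged = []
    for ip, evs in events.items():
        evs = sorted(evs)
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most `window` seconds.
            while (evs[end][0] - evs[start][0]).total_seconds() > window:
                start += 1
            if len({user for _, user in evs[start:end + 1]}) >= min_users:
                flagged.append(ip)
                break
    return sorted(flagged)

# First four lines are from the excerpt above; the 192.0.2.10 line is constructed.
SAMPLE = """\
Jun 19 16:26:06 kmdns1 sshd[11073]: Invalid user jeka from 87.118.122.78
Jun 19 16:26:06 kmdns1 sshd[11074]: input_userauth_request: invalid user jeka
Jun 19 16:26:07 kmdns1 sshd[11075]: Invalid user stat from 87.118.122.78
Jun 19 16:26:09 kmdns1 sshd[11077]: Invalid user nikonew from 87.118.122.78
Jun 19 16:27:30 kmdns1 sshd[11200]: Invalid user admin from 192.0.2.10
"""

if __name__ == "__main__":
    for ip in suspects(parse(SAMPLE.splitlines())):
        print(ip)
```

Fed the real log with `parse(open("/var/log/secure"))`, the same two calls list every source that crossed the threshold, which also shows whether the attempts arrive from addresses the firewall was expected to block.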
