In my opinion, the easiest way to handle this is to move the SSH ports.
Then just pass the -p (port) option for logging in. While this is not bulletproof, it will stop 99.9% of brute-force attempts.

~Ron

Cisco-Education wrote:

Dear All,

I have the following setup running perfectly OK for a long time:

CentOS release 5 (Final)
sendmail-8.13.8-2.el5
MailScanner 4.76.25
bind-9.3.4-6.0.3.P1.el5_2

Now I just set up a CentOS box running BackupPC for backing up my above mail server using ssh. As per the instructions on the BackupPC site I had to enable sshd, so I did it, and everything works perfectly and the backup works great as per my requirement. But I notice that when I do a tail -f /var/log/secure I see the following very often:

---------------------------
Jun 19 16:26:06 kmdns1 sshd[11073]: Invalid user jeka from 87.118.122.78
Jun 19 16:26:06 kmdns1 sshd[11074]: input_userauth_request: invalid user jeka
Jun 19 16:26:06 kmdns1 sshd[11074]: Received disconnect from 87.118.122.78: 11: Bye Bye
Jun 19 16:26:07 kmdns1 sshd[11075]: Invalid user stat from 87.118.122.78
Jun 19 16:26:07 kmdns1 sshd[11076]: input_userauth_request: invalid user stat
Jun 19 16:26:08 kmdns1 sshd[11076]: Received disconnect from 87.118.122.78: 11: Bye Bye
Jun 19 16:26:09 kmdns1 sshd[11077]: Invalid user nikonew from 87.118.122.78
Jun 19 16:26:09 kmdns1 sshd[11078]: input_userauth_request: invalid user nikonew
Jun 19 16:26:09 kmdns1 sshd[11078]: Received disconnect from 87.118.122.78: 11: Bye Bye
Jun 19 16:26:10 kmdns1 sshd[11079]: Invalid user koval from 87.118.122.78
Jun 19 16:26:10 kmdns1 sshd[11080]: input_userauth_request: invalid user koval
Jun 19 16:26:11 kmdns1 sshd[11080]: Received disconnect from 87.118.122.78: 11: Bye Bye
Jun 19 16:26:12 kmdns1 sshd[11081]: Invalid user smk from 87.118.122.78
Jun 19 16:26:12 kmdns1 sshd[11082]: input_userauth_request: invalid user smk
Jun 19 16:26:12 kmdns1 sshd[11082]: Received disconnect from 87.118.122.78: 11: Bye Bye
Jun 19 16:26:14 kmdns1 sshd[11083]: Invalid user ksusha from 87.118.122.78
Jun 19 16:26:14 kmdns1 sshd[11084]: input_userauth_request: invalid user ksusha
Jun 19 16:26:14 kmdns1 sshd[11084]: Received disconnect from 87.118.122.78: 11: Bye Bye
Jun 19 16:26:15 kmdns1 sshd[11085]: Invalid user jane from 87.118.122.78
Jun 19 16:26:15 kmdns1 sshd[11086]: input_userauth_request: invalid user jane
Jun 19 16:26:15 kmdns1 sshd[11086]: Received disconnect from 87.118.122.78: 11: Bye Bye
Jun 19 16:26:17 kmdns1 sshd[11087]: Invalid user celeron from 87.118.122.78
Jun 19 16:26:17 kmdns1 sshd[11088]: input_userauth_request: invalid user celeron
Jun 19 16:26:17 kmdns1 sshd[11088]: Received disconnect from 87.118.122.78: 11: Bye Bye
--------------------

Now both the mail server and the BackupPC server are behind a firewall, and the ssh protocol is denied to the hosts in the DMZ zone. Just wondering how an outside user could try to ssh to my mail server. If I stop the sshd daemon I don't see any messages in my secure log file.

Appreciate your advice and help.

Regards,
Fabian
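The pattern in the quoted /var/log/secure excerpt (many "Invalid user" lines from one address within seconds) can be flagged mechanically. The following is an added example, not part of the original thread: it counts such lines per source in a sliding window. The sample lines, host name, addresses, default year and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the sshd syslog format quoted in the thread
# (documentation-range addresses; host and user names are made up).
SAMPLE = """\
Jun 19 16:26:06 host1 sshd[2001]: Invalid user alpha from 203.0.113.7
Jun 19 16:26:06 host1 sshd[2002]: input_userauth_request: invalid user alpha
Jun 19 16:26:07 host1 sshd[2003]: Invalid user bravo from 203.0.113.7
Jun 19 16:26:09 host1 sshd[2005]: Invalid user charlie from 203.0.113.7
Jun 19 16:26:10 host1 sshd[2007]: Invalid user delta from 203.0.113.7
Jun 19 16:26:12 host1 sshd[2009]: Invalid user echo from 203.0.113.7
Jun 19 16:30:00 host1 sshd[2050]: Invalid user backup from 198.51.100.20
Jun 19 18:45:00 host1 sshd[2090]: Invalid user backup from 198.51.100.20
"""

INVALID = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                     r"Invalid user (\S*) from (\S+)(?: port \d+)?$")

def parse(lines, year=2000):
    """Yield (timestamp, user, source) for each 'Invalid user' line."""
    for line in lines:
        m = INVALID.match(line.strip())
        if m:
            # syslog omits the year; `year` is a caller-supplied assumption
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3)

def brute_force_sources(lines, threshold=5, window=timedelta(seconds=60)):
    """Sources with >= threshold invalid-user lines inside any window."""
    events = defaultdict(list)
    for ts, user, src in parse(lines):
        events[src].append((ts, user))
    flagged = {}
    for src, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # shrink the window from the left until it spans <= `window`
            while evs[end][0] - evs[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[src] = sorted({u for _, u in evs})
                break
    return flagged

if __name__ == "__main__":
    for src, users in brute_force_sources(SAMPLE.splitlines()).items():
        print(f"{src}: tried {', '.join(users)}")
```

The optional ` port N` suffix in the pattern covers newer OpenSSH log lines; the excerpt in the thread does not include it.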