Generally when I get these, I take the logs and share them with the offenders ISP. I don't always have great results, but sometimes I do. Also, iwhen possible, I moce the port that ssh listens on, and disallow logins from all but known networks. Obviously, that is not possible for everyone. wilson -----Original Message----- From: redhat-list-bounces@xxxxxxxxxx To: General Red Hat Linux discussion list Sent: Sat Jan 07 09:40:26 2006 Subject: Re: is this an intruder? Marty Landman wrote: > Not sure if I'm reading this right as this is new to me but it appears > someone in Denmark spent about 10 minutes trying a variety of userid's > to start an ssh session on my network gateway. Yep! If you do not need ssh, your best defense is to disable it. Otherwise. Turn off root login and designate a group for oter ssh logins. At home I just use "wheel." in /etc/ssh/sshd_config PermitRootLogin no AllowGroups wheel Restart sshd Put you and anyone else who must have ssh access in the group wheel. Make sure they have good passwords. Other possible changes are to only allow ssh protocol 2 and to change the external port. Check 'Protocol", "Port" and ListenAddress" in man sshd_config. -- Stephen Carville <stephen@xxxxxxxxxxxxxx> Unix and Network Admin Nationwide Totalflood 6033 W. Century Blvd Los Angeles, CA 90045 310-342-3602 -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list ------------------------------------------------------------------------------ Notice: This e-mail message, together with any attachments, contains information of Merck & Co., Inc. (One Merck Drive, Whitehouse Station, New Jersey, USA 08889), and/or its affiliates (which may be known outside the United States as Merck Frosst, Merck Sharp & Dohme or MSD and in Japan, as Banyu) that may be confidential, proprietary copyrighted and/or legally privileged. It is intended solely for the use of the individual or entity named on this message. If you are not the intended recipient, and have received this message in error, please notify us immediately by reply e-mail and then delete it from your system. ------------------------------------------------------------------------------ -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
